Vulnerabilities > Huntflow
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-12-10 | CVE-2021-37934 | Improper Restriction of Excessive Authentication Attempts vulnerability in Huntflow Enterprise 3.10.6 | Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account/login in Huntflow Enterprise before 3.10.14 could allow an unauthenticated, remote user to perform multiple login attempts for brute-force password guessing. | 9.8 |
2021-12-10 | CVE-2021-37935 | Information Exposure vulnerability in Huntflow Enterprise | An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4 could allow an unauthenticated, remote user to get information about the domain name of the configured LDAP server. | 7.5 |
2021-10-14 | CVE-2021-37933 | Injection vulnerability in Huntflow Enterprise | An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow an unauthenticated, remote user to modify the logic of an LDAP query and bypass authentication. | 7.5 |