Vulnerabilities > Misp > Misp > 2.4.109

DATE CVE VULNERABILITY TITLE RISK
2020-02-12 CVE-2020-8890 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Misp
An issue was discovered in MISP before 2.4.121.
network
misp CWE-367
4.3
4.3
2019-09-10 CVE-2019-16202 Improper Privilege Management vulnerability in Misp
MISP before 2.4.115 allows privilege escalation in certain situations.
network
low complexity
misp CWE-269
4.0
4.0
2019-06-18 CVE-2019-12868 Deserialization of Untrusted Data vulnerability in Misp 2.4.109
app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization.
network
low complexity
misp CWE-502
7.2
7.2