Vulnerabilities > Misp > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-20 | CVE-2022-29534 | Improper Authentication vulnerability in Misp An issue was discovered in MISP before 2.4.158. | 7.5 |
2021-06-25 | CVE-2021-35502 | Unspecified vulnerability in Misp 2.4.144 app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index. | 7.5 |
2020-11-24 | CVE-2020-29006 | Missing Authorization vulnerability in Misp MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php. | 7.5 |
2020-06-30 | CVE-2020-15411 | Improper Privilege Management vulnerability in Misp 2.4.128 An issue was discovered in MISP 2.4.128. | 7.5 |
2020-05-15 | CVE-2020-12889 | Unspecified vulnerability in Misp Misp-Maltego 1.4.4 MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case. | 7.5 |
2020-02-12 | CVE-2020-8893 | Unspecified vulnerability in Misp An issue was discovered in MISP before 2.4.121. | 7.5 |
2019-06-18 | CVE-2019-12868 | Deserialization of Untrusted Data vulnerability in Misp 2.4.109 app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization. | 7.2 |