Vulnerabilities > Neo4J

DATE CVE VULNERABILITY TITLE RISK
2023-02-16 CVE-2023-23926 Unspecified vulnerability in Neo4J Awesome Procedures on Cyper
APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j.
network
low complexity
neo4j
8.1
2023-01-14 CVE-2022-23532 Unspecified vulnerability in Neo4J Awesome Procedures on Cyper
APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j that provides hundreds of procedures and functions.
network
low complexity
neo4j
6.5
2022-08-12 CVE-2022-37423 Path Traversal vulnerability in Neo4J Awesome Procedures on Cypher
Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directories via apoc.log.stream.
network
low complexity
neo4j CWE-22
7.5
2022-03-01 CVE-2021-42767 Path Traversal vulnerability in Neo4J Awesome Procedures 4.2.0.0/4.3.0.0/4.4.0.0
A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files.
network
low complexity
neo4j CWE-22
critical
9.1
2021-08-05 CVE-2021-34371 Deserialization of Untrusted Data vulnerability in Neo4J 3.4.18
Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable.
network
low complexity
neo4j CWE-502
critical
9.8
2021-07-30 CVE-2021-34802 Improper Privilege Management vulnerability in Neo4J Graph Databse 4.2/4.3
A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges.
network
low complexity
neo4j CWE-269
8.8
2018-12-20 CVE-2018-1000820 XXE vulnerability in Neo4J Awesome Procedures on Cyper
neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity (XXE) vulnerability in XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
network
low complexity
neo4j CWE-611
critical
10.0
2018-10-16 CVE-2018-18389 Improper Authentication vulnerability in Neo4J
Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password.
network
low complexity
neo4j CWE-287
critical
9.8