# Neo4J Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-16 | CVE-2023-23926 | XXE vulnerability in Neo4J Awesome Procedures on Cypher. APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. | 8.1 |
| 2023-01-14 | CVE-2022-23532 | Path Traversal vulnerability in Neo4J Awesome Procedures on Cypher. APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j that provides hundreds of procedures and functions. | 6.5 |
| 2022-08-12 | CVE-2022-37423 | Path Traversal vulnerability in Neo4J Awesome Procedures on Cypher. Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directories via apoc.log.stream. | 7.5 |
| 2022-03-01 | CVE-2021-42767 | Path Traversal vulnerability in Neo4J Awesome Procedures 4.2.0.0/4.3.0.0/4.4.0.0. A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. | 9.1 |
| 2021-08-05 | CVE-2021-34371 | Deserialization of Untrusted Data vulnerability in Neo4J 3.4.18. Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. | 9.8 |
| 2021-07-30 | CVE-2021-34802 | Improper Privilege Management vulnerability in Neo4J Graph Database 4.2/4.3. A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges. | 8.8 |
| 2018-12-20 | CVE-2018-1000820 | XXE vulnerability in Neo4J Awesome Procedures on Cypher. neo4j-contrib neo4j-apoc-procedures before commit 45bc09c contains an XML External Entity (XXE) vulnerability in its XML parser that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. | 10.0 |
| 2018-10-16 | CVE-2018-18389 | Improper Authentication vulnerability in Neo4J. Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password. | 9.8 |