Vulnerabilities > Neo4J > Neo4J
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-05 | CVE-2021-34371 | Deserialization of Untrusted Data vulnerability in Neo4J Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. | 7.5 |
| 2018-10-16 | CVE-2018-18389 | Improper Authentication vulnerability in Neo4J Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password. | 7.5 |
| 2014-04-29 | CVE-2013-7259 | Cross-Site Request Forgery (CSRF) vulnerability in Neo4J 1.9.2 Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2) db/manage/server/console/. | 6.8 |