Vulnerabilities > Neo4J > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-01 | CVE-2021-42767 | Path Traversal vulnerability in Neo4J Awesome Procedures 4.2.0.0/4.3.0.0/4.4.0.0 A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. | 9.1 |
| 2021-08-05 | CVE-2021-34371 | Deserialization of Untrusted Data vulnerability in Neo4J 3.4.18 Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. | 9.8 |
| 2018-12-20 | CVE-2018-1000820 | XXE vulnerability in Neo4J Awesome Procedures on Cyper neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity (XXE) vulnerability in XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. | 10.0 |
| 2018-10-16 | CVE-2018-18389 | Improper Authentication vulnerability in Neo4J Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password. | 9.8 |