Vulnerabilities > Northern Tech
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-08 | CVE-2024-46948 | Unspecified vulnerability in Northern.Tech Mender 3.2.0/3.2.1/3.2.2 Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control. | 4.3 |
| 2023-11-14 | CVE-2023-45684 | SQL Injection vulnerability in Northern.Tech Cfengine Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. | 7.5 |
| 2023-04-26 | CVE-2023-26560 | Unspecified vulnerability in Northern.Tech Cfengine Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials. | 6.5 |
| 2022-07-06 | CVE-2022-32290 | Incorrect Authorization vulnerability in Northern.Tech Mender 3.2.0/3.2.1/3.2.2 The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. | 4.3 |
| 2022-04-28 | CVE-2022-29555 | Cross-Site Request Forgery (CSRF) vulnerability in Northern.Tech Mender The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. | 8.8 |
| 2022-04-28 | CVE-2022-29556 | Server-Side Request Forgery (SSRF) vulnerability in Northern.Tech Mender 3.2.0/3.2.1 The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints. | 9.8 |
| 2022-03-10 | CVE-2021-44215 | Incorrect Default Permissions vulnerability in Northern.Tech Cfengine Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have an unspecified impact. | 5.5 |
| 2022-03-10 | CVE-2021-44216 | Incorrect Default Permissions vulnerability in Northern.Tech Cfengine Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files. | 5.5 |
| 2021-10-27 | CVE-2021-36756 | Improper Certificate Validation vulnerability in Northern.Tech Cfengine CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation. | 6.5 |
| 2021-10-27 | CVE-2021-38379 | Incorrect Default Permissions vulnerability in Northern.Tech Cfengine The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure. | 5.5 |