Vulnerabilities > Northern Tech

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2023-11-14 | CVE-2023-45684 | SQL Injection vulnerability in Northern.Tech Cfengine | Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. | network, low complexity, northern-tech, CWE-89 | 7.5 |
| 2023-04-26 | CVE-2023-26560 | Unspecified vulnerability in Northern.Tech Cfengine | Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials. | network, low complexity, northern-tech | 6.5 |
| 2022-07-06 | CVE-2022-32290 | Incorrect Authorization vulnerability in Northern.Tech Mender 3.2.0/3.2.1/3.2.2 | The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. | low complexity, northern-tech, CWE-863 | 3.3 |
| 2022-04-28 | CVE-2022-29555 | Cross-Site Request Forgery (CSRF) vulnerability in Northern.Tech Mender | The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. | | 6.8 |
| 2022-04-28 | CVE-2022-29556 | Server-Side Request Forgery (SSRF) vulnerability in Northern.Tech Mender 3.2.0/3.2.1 | The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints. | network, low complexity, northern-tech, CWE-918 | 7.5 |
| 2022-03-10 | CVE-2021-44215 | Incorrect Default Permissions vulnerability in Northern.Tech Cfengine | Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have an unspecified impact. | local, low complexity, northern-tech, CWE-276 | 2.1 |
| 2022-03-10 | CVE-2021-44216 | Incorrect Default Permissions vulnerability in Northern.Tech Cfengine | Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files. | local, low complexity, northern-tech, CWE-276 | 2.1 |
| 2021-10-27 | CVE-2021-36756 | Improper Certificate Validation vulnerability in Northern.Tech Cfengine | CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation. | network, low complexity, northern-tech, CWE-295 | 6.4 |
| 2021-10-27 | CVE-2021-38379 | Incorrect Default Permissions vulnerability in Northern.Tech Cfengine | The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure. | local, low complexity, northern-tech, CWE-276 | 2.1 |
| 2021-08-27 | CVE-2021-35342 | Insufficient Session Expiration vulnerability in Northern.Tech Useradm 1.13.0/1.14.0 | The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled). | | 4.3 |