Vulnerabilities > Northern Tech > Mender
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-06 | CVE-2022-32290 | Incorrect Authorization vulnerability in Northern.Tech Mender 3.2.0/3.2.1/3.2.2 The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. | 3.3 |
2022-04-28 | CVE-2022-29555 | Cross-Site Request Forgery (CSRF) vulnerability in Northern.Tech Mender The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. | 6.8 |
2022-04-28 | CVE-2022-29556 | Server-Side Request Forgery (SSRF) vulnerability in Northern.Tech Mender 3.2.0/3.2.1 The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints. | 7.5 |