Vulnerabilities > Perforce
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-30 | CVE-2024-3930 | XXE vulnerability in Perforce Akana API In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered. | 9.8 |
| 2024-07-30 | CVE-2024-5249 | Authentication Bypass by Capture-replay vulnerability in Perforce Akana API In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed. | 7.5 |
| 2024-07-30 | CVE-2024-5250 | Information Exposure Through an Error Message vulnerability in Perforce Akana API In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations | 5.3 |
| 2024-02-01 | CVE-2024-0325 | Command Injection vulnerability in Perforce Helix Sync In Helix Sync versions prior to 2024.1, a local command injection was identified. | 7.8 |
| 2023-11-08 | CVE-2023-35767 | Resource Exhaustion vulnerability in Perforce Helix Core In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. | 7.5 |
| 2023-11-08 | CVE-2023-45319 | Unspecified vulnerability in Perforce Helix Core In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. | 7.5 |
| 2023-11-08 | CVE-2023-45849 | Code Injection vulnerability in Perforce Helix Core An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. | 9.8 |
| 2023-11-08 | CVE-2023-5759 | Unspecified vulnerability in Perforce Helix Core In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. | 7.5 |
| 2022-07-19 | CVE-2022-2394 | Information Exposure Through Log Files vulnerability in Perforce Puppet Bolt Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise. | 3.5 |
| 2021-04-13 | CVE-2021-28973 | XXE vulnerability in Perforce Helix ALM 2020.3.1 The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks. | 4.9 |