Vulnerabilities > Perforce

DATE CVE VULNERABILITY TITLE RISK
2024-07-30 CVE-2024-3930 XXE vulnerability in Perforce Akana API
In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered.
network
low complexity
perforce CWE-611
critical
9.8
2024-07-30 CVE-2024-5249 Authentication Bypass by Capture-replay vulnerability in Perforce Akana API
In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed.
network
low complexity
perforce CWE-294
7.5
2024-07-30 CVE-2024-5250 Information Exposure Through an Error Message vulnerability in Perforce Akana API
In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations
network
low complexity
perforce CWE-209
5.3
2024-02-01 CVE-2024-0325 Command Injection vulnerability in Perforce Helix Sync
In Helix Sync versions prior to 2024.1, a local command injection was identified.
local
low complexity
perforce CWE-77
7.8
2023-11-08 CVE-2023-35767 Resource Exhaustion vulnerability in Perforce Helix Core
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified.
network
low complexity
perforce CWE-400
7.5
2023-11-08 CVE-2023-45319 Unspecified vulnerability in Perforce Helix Core
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified.
network
low complexity
perforce
7.5
2023-11-08 CVE-2023-45849 Code Injection vulnerability in Perforce Helix Core
An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2.
network
low complexity
perforce CWE-94
critical
9.8
2023-11-08 CVE-2023-5759 Unspecified vulnerability in Perforce Helix Core
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified.
network
low complexity
perforce
7.5
2022-07-19 CVE-2022-2394 Information Exposure Through Log Files vulnerability in Perforce Puppet Bolt
Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.
network
low complexity
perforce CWE-532
3.5
2021-04-13 CVE-2021-28973 XXE vulnerability in Perforce Helix ALM 2020.3.1
The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks.
network
low complexity
perforce CWE-611
4.0