Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
15031.2%HIGH

Related CVEs

5
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2024-42167The function "generate_app_certificates" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious organisationname.HIGH7.238.2%Aug 12, 2024
CVE-2024-42166The function "generate_app_certificates" in lib/app_certificates.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious name.HIGH7.238.2%Aug 12, 2024
CVE-2024-42165Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link.MEDIUM5.427.8%Aug 12, 2024
CVE-2024-42164Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to disable two factor authorization of any user by predicting the token for the disable_2fa link.MEDIUM4.327.5%Aug 12, 2024
CVE-2024-42163Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link.HIGH8.124.6%Aug 12, 2024