Siren Investigate
by Siren
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-35857 | Cri | 0.64 | 9.8 | 0.01 | Jun 19, 2023 | In Siren Investigate before 13.2.2, session keys remain active even after logging out. | ||
| CVE-2022-47544 | Cri | 0.64 | 9.8 | 0.01 | Jan 5, 2023 | An issue was discovered in Siren Investigate before 12.1.7. Script variable whitelisting is insufficiently sandboxed. | ||
| CVE-2021-36794 | Cri | 0.64 | 9.8 | 0.01 | Nov 2, 2021 | In Siren Investigate before 11.1.4, when enabling the cluster feature of the Siren Alert application, TLS verifications are disabled globally in the Siren Investigate main process. | ||
| CVE-2021-31216 | Hig | 0.53 | 8.1 | 0.01 | Jul 19, 2021 | Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). An attacker with access to the Investigate installation can specify an arbitrary URL in the parameters of the image proxy route… | ||
| CVE-2022-47543 | Med | 0.34 | 5.3 | 0.00 | Jan 5, 2023 | An issue was discovered in Siren Investigate before 12.1.7. There is an ACL bypass on global objects. |
- risk 0.64cvss 9.8epss 0.01
In Siren Investigate before 13.2.2, session keys remain active even after logging out.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Siren Investigate before 12.1.7. Script variable whitelisting is insufficiently sandboxed.
- risk 0.64cvss 9.8epss 0.01
In Siren Investigate before 11.1.4, when enabling the cluster feature of the Siren Alert application, TLS verifications are disabled globally in the Siren Investigate main process.
- risk 0.53cvss 8.1epss 0.01
Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). An attacker with access to the Investigate installation can specify an arbitrary URL in the parameters of the image proxy route…
- risk 0.34cvss 5.3epss 0.00
An issue was discovered in Siren Investigate before 12.1.7. There is an ACL bypass on global objects.