Monitoring And Management
by Percona
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-25212 | | Cri | 0.64 | 9.9 | 0.00 | | Apr 2, 2026 | An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying… |
| CVE-2024-5466 | | | 0.02 | — | 0.07 | | Aug 23, 2024 | Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option. |
| CVE-2023-34409 | | | 0.00 | — | 0.01 | | Jun 6, 2023 | In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made… |
| CVE-2020-7920 | | | 0.00 | — | 0.02 | | Feb 6, 2020 | pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of service. |