VYPR

Coverity

by Black Duck

CVEs (3)

  • CVE-2024-12021HigMar 31, 2025
    risk 0.55cvss epss 0.00

    Coverity versions prior to 2024.9.0 are vulnerable to stored cross-site scripting (XSS) in various administrative interfaces. The impact of exploitation may result in the compromise of local accounts managed by the Coverity platform as well as other standard impacts resulting…

  • CVE-2026-1496Mar 27, 2026
    risk 0.00cvss epss 0.00

    Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that makes it vulnerable to an authentication bypass. A malicious actor with access to the /token API endpoint that either knows or guesses a valid username, can…

  • CVE-2023-1663Mar 29, 2023
    risk 0.00cvss epss 0.00

    Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the…