CFEngine Enterprise
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-24712 | | Hig | 0.47 | 7.3 | 0.01 | | May 14, 2026 | Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection. |
| CVE-2026-33553 | | Med | 0.40 | 6.1 | 0.00 | | Jun 2, 2026 | Northern.tech CFEngine Enterprise 3.24.3 before 3.24.4 and 3.27.0 before 3.27.1 allows XSS. |
| CVE-2026-24710 | | Med | 0.40 | 6.1 | 0.00 | | May 14, 2026 | Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS. |
| CVE-2026-24711 | | Med | 0.34 | 5.3 | 0.00 | | May 14, 2026 | Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control. |
| CVE-2024-55958 | | Med | 0.31 | 4.8 | 0.00 | | Jan 21, 2025 | Northern.tech CFEngine Enterprise Mission Portal 3.24.0, 3.21.5, and below allows XSS. The fixed versions are 3.24.1 and 3.21.6. |
| CVE-2023-45684 | | | 0.00 | — | 0.01 | | Nov 14, 2023 | Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earliest affected version is 3.6.0. The issue is in the Mission Portal login page in the CFEngine hub. |
| CVE-2023-26560 | | | 0.00 | — | 0.01 | | Apr 25, 2023 | Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials. |
| CVE-2021-44215 | | | 0.00 | — | 0.00 | | Mar 7, 2022 | Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have an unspecified impact. |
| CVE-2021-44216 | | | 0.00 | — | 0.00 | | Mar 7, 2022 | Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files. |
| CVE-2021-36756 | | | 0.00 | — | 0.00 | | Oct 27, 2021 | CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation. |
| CVE-2021-38379 | | | 0.00 | — | 0.00 | | Oct 27, 2021 | The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure. |
| CVE-2019-19394 | | | 0.00 | — | 0.01 | | Apr 16, 2020 | Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x before 3.12.3, 3.13.x, and 3.14.x allows XSS. This is fixed in 3.10.7, 3.12.3, and 3.15.0. |
| CVE-2019-9929 | | | 0.00 | — | 0.02 | | Jun 6, 2019 | Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions. |