VYPR

N-central

by N-able

CVEs (12)

  • CVE-2023-47132CriFeb 8, 2024
    risk 0.64cvss 9.8epss 0.01

    An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls.

  • CVE-2024-5322CriJul 1, 2024
    risk 0.59cvss 9.1epss 0.00

    The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass. This vulnerability is present in all Entra-supported deployments of N-central prior to 2024.3.

  • CVE-2024-28200CriJul 1, 2024
    risk 0.59cvss 9.1epss 0.02

    The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any…

  • CVE-2025-9316MedNov 12, 2025
    risk 0.54cvss epss 0.37

    N-central < 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4.

  • CVE-2024-8510MedMar 17, 2025
    risk 0.34cvss 5.3epss 0.00

    N-central is vulnerable to a path traversal that allows unintended access to the Apache Tomcat WEB-INF directory. Customer data is not exposed. This vulnerability is present in all deployments of N-central prior to N-central 2024.6.

  • CVE-2025-8876KEVAug 14, 2025
    risk 0.13cvss epss 0.03

    Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.

  • CVE-2025-8875KEVAug 14, 2025
    risk 0.12cvss epss 0.02

    Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.

  • CVE-2025-11700Nov 12, 2025
    risk 0.07cvss epss 0.32

    N-central versions < 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure

  • CVE-2025-11367Nov 12, 2025
    risk 0.00cvss epss 0.01

    The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization

  • CVE-2025-11366Nov 12, 2025
    risk 0.00cvss epss 0.01

    N-central < 2025.4 is vulnerable to authentication bypass via path traversal

  • CVE-2025-10231Sep 10, 2025
    risk 0.00cvss epss 0.00

    An Incorrect File Handling Permission bug exists on the N-central Windows Agent and Probe that, in the right circumstances, can allow a local low-level user to run commands with elevated permissions.

  • CVE-2025-7051Aug 21, 2025
    risk 0.00cvss epss 0.00

    On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. This vulnerability is present in all deployments of N-central prior to 2025.2.