Mender Enterprise

CVEs (3)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2024-37019	Mendersoftware Mender	Cri	0.64	9.8	0.01	Jun 3, 2024	Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 has Weak Authentication.
CVE-2026-33552	Northern.tech Mender Enterprise		0.00	—	—	May 27, 2026	Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control.
CVE-2022-29556	Northern.tech Mender Enterprise		0.00	—	0.00	Apr 28, 2022	The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints.

CVE-2024-37019CriJun 3, 2024
Mendersoftware
Mender
risk 0.64cvss 9.8epss 0.01
Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 has Weak Authentication.
CVE-2026-33552May 27, 2026
Northern.tech
Mender Enterprise
risk 0.00cvss —epss —
Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control.
CVE-2022-29556Apr 28, 2022
Northern.tech
Mender Enterprise
risk 0.00cvss —epss 0.00
The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints.