VYPR

Mender Enterprise

by Northern.tech

CVEs (6)

  • CVE-2024-37019CriJun 3, 2024
    risk 0.64cvss 9.8epss 0.01

    Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 has Weak Authentication.

  • CVE-2022-29556CriApr 28, 2022
    risk 0.64cvss 9.8epss 0.01

    The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints.

  • CVE-2022-29555HigApr 28, 2022
    risk 0.57cvss 8.8epss 0.00

    The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking.

  • CVE-2021-35342HigAug 27, 2021
    risk 0.49cvss 7.5epss 0.01

    The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification…

  • CVE-2024-46947MedNov 8, 2024
    risk 0.42cvss 6.5epss 0.00

    Northern.tech Mender before 3.6.6 and 3.7.x before 3.7.7 allows SSRF.

  • CVE-2026-33552LowMay 27, 2026
    risk 0.24cvss 3.7epss 0.00

    Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control.