Mender Enterprise
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-37019 | Cri | 0.64 | 9.8 | 0.01 | Jun 3, 2024 | Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 has Weak Authentication. | ||
| CVE-2022-29556 | Cri | 0.64 | 9.8 | 0.01 | Apr 28, 2022 | The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints. | ||
| CVE-2022-29555 | Hig | 0.57 | 8.8 | 0.00 | Apr 28, 2022 | The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking. | ||
| CVE-2021-35342 | Hig | 0.49 | 7.5 | 0.01 | Aug 27, 2021 | The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification… | ||
| CVE-2024-46947 | Med | 0.42 | 6.5 | 0.00 | Nov 8, 2024 | Northern.tech Mender before 3.6.6 and 3.7.x before 3.7.7 allows SSRF. | ||
| CVE-2026-33552 | Low | 0.24 | 3.7 | 0.00 | May 27, 2026 | Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control. |
- risk 0.64cvss 9.8epss 0.01
Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 has Weak Authentication.
- risk 0.64cvss 9.8epss 0.01
The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints.
- risk 0.57cvss 8.8epss 0.00
The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking.
- risk 0.49cvss 7.5epss 0.01
The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification…
- risk 0.42cvss 6.5epss 0.00
Northern.tech Mender before 3.6.6 and 3.7.x before 3.7.7 allows SSRF.
- risk 0.24cvss 3.7epss 0.00
Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control.