Black Duck
Products
2- 3 CVEs
- 1 CVE
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-12021 | Hig | 0.55 | — | 0.00 | Mar 31, 2025 | Coverity versions prior to 2024.9.0 are vulnerable to stored cross-site scripting (XSS) in various administrative interfaces. The impact of exploitation may result in the compromise of local accounts managed by the Coverity platform as well as other standard impacts resulting… | ||
| CVE-2025-0504 | Med | 0.35 | 5.4 | 0.00 | Nov 21, 2025 | Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should… | ||
| CVE-2026-1496 | 0.00 | — | 0.00 | Mar 27, 2026 | Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that makes it vulnerable to an authentication bypass. A malicious actor with access to the /token API endpoint that either knows or guesses a valid username, can… | |||
| CVE-2023-1663 | 0.00 | — | 0.00 | Mar 29, 2023 | Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the… |
- risk 0.55cvss —epss 0.00
Coverity versions prior to 2024.9.0 are vulnerable to stored cross-site scripting (XSS) in various administrative interfaces. The impact of exploitation may result in the compromise of local accounts managed by the Coverity platform as well as other standard impacts resulting…
- risk 0.35cvss 5.4epss 0.00
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should…
- CVE-2026-1496Mar 27, 2026risk 0.00cvss —epss 0.00
Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that makes it vulnerable to an authentication bypass. A malicious actor with access to the /token API endpoint that either knows or guesses a valid username, can…
- CVE-2023-1663Mar 29, 2023risk 0.00cvss —epss 0.00
Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the…