Fiware
Products
1- 5 CVEs
Recent CVEs
5| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-42167 | 0.00 | — | 0.00 | Aug 12, 2024 | The function "generate_app_certificates" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious organisationname. | ||
| CVE-2024-42166 | 0.00 | — | 0.00 | Aug 12, 2024 | The function "generate_app_certificates" in lib/app_certificates.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious name. | ||
| CVE-2024-42165 | 0.00 | — | 0.00 | Aug 12, 2024 | Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link. | ||
| CVE-2024-42164 | 0.00 | — | 0.00 | Aug 12, 2024 | Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to disable two factor authorization of any user by predicting the token for the disable_2fa link. | ||
| CVE-2024-42163 | 0.00 | — | 0.00 | Aug 12, 2024 | Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link. |
- CVE-2024-42167Aug 12, 2024risk 0.00cvss —epss 0.00
The function "generate_app_certificates" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious organisationname.
- CVE-2024-42166Aug 12, 2024risk 0.00cvss —epss 0.00
The function "generate_app_certificates" in lib/app_certificates.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious name.
- CVE-2024-42165Aug 12, 2024risk 0.00cvss —epss 0.00
Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link.
- CVE-2024-42164Aug 12, 2024risk 0.00cvss —epss 0.00
Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to disable two factor authorization of any user by predicting the token for the disable_2fa link.
- CVE-2024-42163Aug 12, 2024risk 0.00cvss —epss 0.00
Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link.