VYPR
Vendor

Huntflow

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2021-37934CriDec 10, 2021
    risk 0.64cvss 9.8epss 0.01

    Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account/login in Huntflow Enterprise before 3.10.14 could allow an unauthenticated, remote user to perform multiple login attempts for brute-force password guessing.

  • CVE-2021-37935HigDec 10, 2021
    risk 0.49cvss 7.5epss 0.01

    An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4 could allow an unauthenticated, remote user to get information about the domain name of the configured LDAP server. An attacker could exploit this vulnerability by requesting the login…

  • CVE-2021-37933HigOct 14, 2021
    risk 0.49cvss 7.5epss 0.01

    An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow an unauthenticated, remote user to modify the logic of an LDAP query and bypass authentication. The vulnerability is due to insufficient server-side validation of the email…