VYPR
Vendor

Sherpa

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2025-46544MedApr 25, 2025
    risk 0.42cvss 6.4epss 0.00

    In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new users and roles.

  • CVE-2025-46547MedApr 25, 2025
    risk 0.35cvss 5.4epss 0.00

    In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue.

  • CVE-2025-46545MedApr 25, 2025
    risk 0.29cvss 4.4epss 0.00

    In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the license expires.

  • CVE-2025-46546LowApr 25, 2025
    risk 0.23cvss 3.5epss 0.00

    In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx,…