Siren
Products
2- 5 CVEs
- 1 CVE
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-35857 | Cri | 0.64 | 9.8 | 0.01 | Jun 19, 2023 | In Siren Investigate before 13.2.2, session keys remain active even after logging out. | ||
| CVE-2022-47544 | Cri | 0.64 | 9.8 | 0.01 | Jan 5, 2023 | An issue was discovered in Siren Investigate before 12.1.7. Script variable whitelisting is insufficiently sandboxed. | ||
| CVE-2021-36794 | Cri | 0.64 | 9.8 | 0.01 | Nov 2, 2021 | In Siren Investigate before 11.1.4, when enabling the cluster feature of the Siren Alert application, TLS verifications are disabled globally in the Siren Investigate main process. | ||
| CVE-2021-31216 | Hig | 0.53 | 8.1 | 0.01 | Jul 19, 2021 | Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). An attacker with access to the Investigate installation can specify an arbitrary URL in the parameters of the image proxy route… | ||
| CVE-2022-47543 | Med | 0.34 | 5.3 | 0.00 | Jan 5, 2023 | An issue was discovered in Siren Investigate before 12.1.7. There is an ACL bypass on global objects. | ||
| CVE-2021-28938 | Med | 0.28 | 4.3 | 0.01 | Apr 13, 2021 | Siren Federate before 6.8.14-10.3.9, 6.9.x through 7.6.x before 7.6.2-20.2, 7.7.x through 7.9.x before 7.9.3-21.6, 7.10.x before 7.10.2-22.2, and 7.11.x before 7.11.2-23.0 can leak user information across thread contexts. This occurs in opportunistic circumstances when there is… |
- risk 0.64cvss 9.8epss 0.01
In Siren Investigate before 13.2.2, session keys remain active even after logging out.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Siren Investigate before 12.1.7. Script variable whitelisting is insufficiently sandboxed.
- risk 0.64cvss 9.8epss 0.01
In Siren Investigate before 11.1.4, when enabling the cluster feature of the Siren Alert application, TLS verifications are disabled globally in the Siren Investigate main process.
- risk 0.53cvss 8.1epss 0.01
Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). An attacker with access to the Investigate installation can specify an arbitrary URL in the parameters of the image proxy route…
- risk 0.34cvss 5.3epss 0.00
An issue was discovered in Siren Investigate before 12.1.7. There is an ACL bypass on global objects.
- risk 0.28cvss 4.3epss 0.01
Siren Federate before 6.8.14-10.3.9, 6.9.x through 7.6.x before 7.6.2-20.2, 7.7.x through 7.9.x before 7.9.3-21.6, 7.10.x before 7.10.2-22.2, and 7.11.x before 7.11.2-23.0 can leak user information across thread contexts. This occurs in opportunistic circumstances when there is…