Vendor
Thehive Project
Products
3
CVEs
3
Across products
4
Status
Private
Products
3- 2 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-39069 | 0.00 | — | 0.01 | Sep 11, 2023 | An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism. | |||
| CVE-2019-7652 | 0.00 | — | 0.05 | May 9, 2019 | TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF. To exploit the vulnerability, an attacker must create a new analysis, select URL for Data Type, and provide an SSRF payload like "http://127.0.0.1:22" in the Data parameter.… | |||
| CVE-2018-20226 | 0.00 | — | 0.02 | Dec 21, 2018 | An organization administrator can add a super administrator in THEHIVE PROJECT Cortex before 2.1.3 due to the lack of overriding the Role.toString method. |
- CVE-2023-39069Sep 11, 2023risk 0.00cvss —epss 0.01
An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism.
- CVE-2019-7652May 9, 2019risk 0.00cvss —epss 0.05
TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF. To exploit the vulnerability, an attacker must create a new analysis, select URL for Data Type, and provide an SSRF payload like "http://127.0.0.1:22" in the Data parameter.…
- CVE-2018-20226Dec 21, 2018risk 0.00cvss —epss 0.02
An organization administrator can add a super administrator in THEHIVE PROJECT Cortex before 2.1.3 due to the lack of overriding the Role.toString method.