This page aggregates CVEs and security vulnerability information across Logpoint-related products, listing CVSS, EPSS, publication date, and vulnerability intelligence data.
Common weakness patterns include cross-site scripting, SSRF, and file inclusion. In production workloads and software deployment scenarios, these can lead to risks such as session compromise, file overwrite, and unauthorized access.
The listed data is based on public vulnerability information and security advisories, and can be used to assess past exposure and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-66361 | An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load. | [email protected] | 6.9 | 0.03% | 2025-11-28 | 2025-12-03 |
| CVE-2025-66360 | An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service (Redis) information to li-admin users. This can lead to privilege escalation. | [email protected] | 6.9 | 0.05% | 2025-11-28 | 2025-12-03 |
| CVE-2025-66359 | An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components leads to a cross-site scripting (XSS) vulnerability. | [email protected] | 8.5 | 0.02% | 2025-11-28 | 2025-12-03 |
| CVE-2024-56087 | An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while querying Search Template Dashboard. These are executed, leading to Server-Side Template Injection. | [email protected] | 5.9 | 0.16% | 2024-12-16 | 2025-04-17 |
| CVE-2024-56086 | An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the backup process is initiated, leading to Remote Code Execution. | [email protected] | 7.1 | 5.01% | 2024-12-16 | 2025-04-17 |
| CVE-2024-56085 | An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while creating Search Template Dashboard. These are executed, leading to Server-Side Template Injection. | [email protected] | 5.9 | 0.13% | 2024-12-16 | 2025-04-17 |
| CVE-2024-56084 | An issue was discovered in Logpoint UniversalNormalizer before 5.7.0. Authenticated users can inject payloads while creating Universal Normalizer. These are executed, leading to Remote Code Execution. | [email protected] | 7.1 | 5.01% | 2024-12-16 | 2025-06-20 |
| CVE-2024-48954 | An issue was discovered in Logpoint before 7.5.0. Unvalidated input during the EventHub Collector setup by an authenticated user leads to Remote Code execution. | [email protected] | 6.4 | 3.61% | 2024-11-07 | 2025-04-30 |
| CVE-2024-48953 | An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint, resulting in unauthorized access. | [email protected] | 7.5 | 0.32% | 2024-11-07 | 2025-04-30 |
| CVE-2024-48952 | An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication. This static key vulnerability enables attackers to create custom JWT secret keys for unauthorized access to these endpoints. | [email protected] | 6.4 | 0.16% | 2024-11-07 | 2025-04-30 |
| CVE-2024-48951 | An issue was discovered in Logpoint before 7.5.0. Server-Side Request Forgery (SSRF) on SOAR can be used to leak Logpoint's API Token leading to authentication bypass. | [email protected] | 7.5 | 0.06% | 2024-11-07 | 2025-04-30 |
| CVE-2024-48950 | An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthenticated attackers to bypass CSRF protections and authentication. | [email protected] | 7.5 | 0.16% | 2024-11-07 | 2025-04-18 |
| CVE-2024-36383 | An issue was discovered in Logpoint SAML Authentication before 6.0.3. An attacker can place a crafted filename in the state field of a SAML SSO-URL response, and the file corresponding to this filename will ultimately be deleted. This can lead to a SAML Authentication login outage. | [email protected] | 5.3 | 0.21% | 2024-05-27 | 2025-06-30 |
| CVE-2024-33860 | An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs. | [email protected] | 6.5 | 0.23% | 2024-05-07 | 2025-04-18 |
| CVE-2024-33859 | An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS. | [email protected] | 6.1 | 0.51% | 2024-05-07 | 2025-04-18 |
| CVE-2024-33858 | An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The source_name parameter could be changed to an absolute path; this will write the CSV file to that path inside the /tmp directory. | [email protected] | 5.3 | 0.24% | 2024-05-07 | 2025-04-18 |
| CVE-2024-33857 | An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery. | [email protected] | 9.6 | 0.21% | 2024-05-07 | 2025-04-18 |
| CVE-2024-33856 | An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint. | [email protected] | 5.3 | 0.37% | 2024-05-07 | 2025-04-18 |
| CVE-2024-30176 | In Logpoint before 7.4.0, an attacker can enumerate a valid list of usernames by using publicly exposed URLs of shared widgets. | [email protected] | 5.3 | 0.34% | 2024-05-01 | 2025-04-22 |
| CVE-2022-48685 | An issue was discovered in Logpoint 7.1 before 7.1.2. The daily executed cron file clean_secbi_old_logs is writable by all users and is executed as root, leading to privilege escalation. | [email protected] | 7.7 | 0.02% | 2024-04-27 | 2025-04-18 |