Aggregates CVE and security vulnerability intelligence across all CDeX-related products, including CVSS scores, EPSS percentages, and publication dates.
Historical issues mainly involve vendor-risk open redirect and related security problems, affecting vendor-surface production workloads and software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-2465 | Open redirection vulnerability in CDeX application allows redirecting users to arbitrary websites via a specially crafted URL. This issue affects CDeX application versions through 5.7.1. | [email protected] | 7.1 | 0.09% | 2024-03-21 | 2025-06-17 |
| CVE-2024-2464 | This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. This issue affects CDeX application versions through 5.7.1. | [email protected] | 6.3 | 0.20% | 2024-03-21 | 2025-06-17 |
| CVE-2024-2463 | Weak password recovery mechanism in CDeX application allows retrieval of the password reset token. This issue affects CDeX application versions through 5.7.1. | [email protected] | 8.0 | 0.16% | 2024-03-21 | 2025-06-17 |