Aggregates CVE and security vulnerability intelligence across all liveconfig-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk path handling and vendor risk cross-site scripting and related security problems, affecting vendor surface production workloads and vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-22851 | Directory Traversal Vulnerability in LiveConfig before v.2.5.2 allows a remote attacker to obtain sensitive information via a crafted request to the /static/ endpoint. | [email protected] | 7.5 | 0.36% | 2024-02-02 | 2025-06-05 |
| CVE-2021-40841 | A Path Traversal vulnerability for a log file in LiveConfig 2.12.2 allows authenticated attackers to read files on the underlying server. | [email protected] | 6.5 | 0.38% | 2022-02-18 | 2024-11-21 |
| CVE-2021-40840 | A Stored XSS issue exists in the admin/users user administration form in LiveConfig 2.12.2. | [email protected] | 5.4 | 0.30% | 2022-02-18 | 2024-11-21 |