fiware 相關的公開 CVE 漏洞與安全風險資訊,提供 CVSS、EPSS、公開時間與漏洞情報資料,協助評估潛在風險與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2024-42167 | The function "generate_app_certificates" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious organisationname. | [email protected] | 9.1 | 0.18% | 2024-08-12 | 2024-08-29 |
| CVE-2024-42166 | The function "generate_app_certificates" in lib/app_certificates.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious name. | [email protected] | 9.1 | 0.18% | 2024-08-12 | 2024-08-29 |
| CVE-2024-42165 | Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link. | [email protected] | 6.3 | 0.09% | 2024-08-12 | 2024-08-29 |
| CVE-2024-42164 | Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to disable two factor authorization of any user by predicting the token for the disable_2fa link. | [email protected] | 4.3 | 0.11% | 2024-08-12 | 2024-08-29 |
| CVE-2024-42163 | Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link. | [email protected] | 8.3 | 0.05% | 2024-08-12 | 2024-08-29 |