Vulnerabilities (CVE)

Filtered by vendor Logpoint
Total 14 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-30176 1 Logpoint 1 Siem 2025-04-22 N/A 5.3 MEDIUM
In Logpoint before 7.4.0, an attacker can enumerate a valid list of usernames by using publicly exposed URLs of shared widgets.
CVE-2022-48685 1 Logpoint 1 Siem 2025-04-18 N/A 7.7 HIGH
An issue was discovered in Logpoint 7.1 before 7.1.2. The daily executed cron file clean_secbi_old_logs is writable by all users and is executed as root, leading to privilege escalation.
CVE-2022-48684 1 Logpoint 1 Siem 2025-04-18 N/A 8.4 HIGH
An issue was discovered in Logpoint before 7.1.1. Template injection was seen in the search template. The search template uses Jinja templating for generating dynamic data. This could be abused to achieve code execution. Any user with access to create a search template can leverage this to execute code as the loginspect user.
CVE-2024-48950 1 Logpoint 1 Siem 2025-04-18 N/A 7.5 HIGH
An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthenticated attackers to bypass CSRF protections and authentication.
CVE-2024-33856 1 Logpoint 1 Siem 2025-04-18 N/A 5.3 MEDIUM
An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint.
CVE-2024-33857 1 Logpoint 1 Siem 2025-04-18 N/A 9.6 CRITICAL
An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery.
CVE-2024-33858 1 Logpoint 1 Siem 2025-04-18 N/A 5.3 MEDIUM
An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The source_name parameter could be changed to an absolute path; this will write the CSV file to that path inside the /tmp directory.
CVE-2024-33859 1 Logpoint 1 Siem 2025-04-18 N/A 6.1 MEDIUM
An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS.
CVE-2024-33860 1 Logpoint 1 Siem 2025-04-18 N/A 6.5 MEDIUM
An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs.
CVE-2024-56087 1 Logpoint 1 Siem 2025-04-17 N/A 5.9 MEDIUM
An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while querying Search Template Dashboard. These are executed, leading to Server-Side Template Injection.
CVE-2024-56086 1 Logpoint 1 Siem 2025-04-17 N/A 7.1 HIGH
An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the backup process is initiated, leading to Remote Code Execution.
CVE-2024-56085 1 Logpoint 1 Siem 2025-04-17 N/A 5.9 MEDIUM
An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while creating Search Template Dashboard. These are executed, leading to Server-Side Template Injection.
CVE-2024-29865 1 Logpoint 1 Siem 2025-04-16 N/A 5.4 MEDIUM
Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page via the username to the LDAP login form.
CVE-2023-49950 1 Logpoint 1 Siem 2024-11-21 N/A 5.4 MEDIUM
The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize log data being displayed when using a custom Jinja template in the Alert view. A remote attacker can craft a cross-site scripting (XSS) payload and send it to any system or device that sends logs to the SIEM. If an alert is created, the payload will execute upon the alert data being viewed with that template, which can lead to sensitive data disclosure.