Perforce: Security Vulnerabilities
In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-07-30
In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations
CVSS Score
3.5
EPSS Score
0.001
Published
2024-07-30
In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-07-30
In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins.
CVSS Score
3.6
EPSS Score
0.001
Published
2024-02-01
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Reported by Jason Geffner.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-11-08
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner.
CVSS Score
7.5
EPSS Score
0.004
Published
2023-11-08
An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner.
CVSS Score
9.0
EPSS Score
0.003
Published
2023-11-08
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner.
CVSS Score
7.5
EPSS Score
0.004
Published
2023-11-08
Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.
CVSS Score
4.1
EPSS Score
0.004
Published
2022-07-19
The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks.
CVSS Score
4.9
EPSS Score
0.002
Published
2021-04-13
Page 1