Citeum >> Opencti >> 1.1.2 Security Vulnerabilities
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to the lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can gain administrative privileges on the web application.
CVSS Score: 8.3
EPSS Score: 0.002
Published: 2024-05-23
In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the vulnerability to arbitrarily change their registered e-mail address as well as their API key, even though the interface does not legitimately allow such changes.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2022-07-05
A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will then be executed by a victim when they open the file location.
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2022-07-05

