Citeum: >> Opencti >> 3.3.1 Security Vulnerabilities
In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through the interface, legitimately.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-07-05
A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will then be executed by a victim when they open the file location.
CVSS Score
5.4
EPSS Score
0.003
Published
2022-07-05
Page 2