Shodan
Vulnerabilities
Vulnerable Software
Misp:  >> Misp  >> 2.3.120  Security Vulnerabilities
CVE-2021-41326
In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-09-17
CVE-2021-36212
app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-07-07
CVE-2021-27904
An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-03-02
CVE-2020-29006
MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-11-24
CVE-2020-28043
MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-11-02
CVE-2020-25766
An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-09-18
CVE-2020-15711
In MISP before 2.4.129, setting a favourite homepage was not CSRF protected.
CVSS Score
8.8
EPSS Score
0.001
Published
2020-07-14
CVE-2020-13153
app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-05-18
CVE-2020-11458
app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leaks of strings that match certain patterns. Among the data that can leak are passwords from database.php or GPG key passphrases from config.php.
CVSS Score
4.9
EPSS Score
0.003
Published
2020-04-02
CVE-2020-8890
An issue was discovered in MISP before 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of invalid requests.
CVSS Score
5.9
EPSS Score
0.004
Published
2020-02-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved