MISP: Security Vulnerabilities
MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sighting_field.ctp.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2020-03-09

An issue was discovered in MISP before 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of invalid requests.
CVSS Score: 5.9 | EPSS Score: 0.004 | Published: 2020-02-12

An issue was discovered in MISP before 2.4.121. It did not canonicalize usernames when trying to block a brute-force series of invalid requests.
CVSS Score: 5.9 | EPSS Score: 0.004 | Published: 2020-02-12

An issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests.
CVSS Score: 8.1 | EPSS Score: 0.005 | Published: 2020-02-12

An issue was discovered in MISP before 2.4.121. The Galaxy view contained an incorrectly sanitized search string in app/View/Galaxies/view.ctp.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2020-02-12

An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/Controller/ThreadsController.php and app/Model/Thread.php.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2020-02-12

In app/Controller/TagsController.php in MISP 2.4.118, users can bypass intended restrictions on tagging data.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2019-11-28

MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)" message.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2019-09-10

In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. A malicious MISP event must be crafted in order to trigger the vulnerability.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-07-27

app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization.
CVSS Score: 7.2 | EPSS Score: 0.02 | Published: 2019-06-18

Shodan ® - All rights reserved