Darktrace: Security Vulnerabilities
A DOM-based HTML injection vulnerability has been identified in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before. A URL, crafted by a remote attacker and visited by an authenticated user, allows open redirect and potential credential stealing using an injected HTML form.
CVSS Score: 6.1
EPSS Score: 0.001
Published: 2024-02-16
An improper authorization vulnerability in Darktrace mobile app (Android) prior to version 6.0.15 allows disabled and low-privilege users to control "antigena" actions (block/unblock traffic) from the mobile application. This vulnerability could create a "shutdown", blocking all ingress or egress traffic in the entire infrastructure where Darktrace agents are deployed.
CVSS Score: 6.1
EPSS Score: 0.0
Published: 2023-07-06
Darktrace Enterprise Immune System before 3.1 allows CSRF via the /whitelisteddomains endpoint.
CVSS Score: 6.5
EPSS Score: 0.021
Published: 2019-10-23
Darktrace Enterprise Immune System before 3.1 allows CSRF via the /config endpoint.
CVSS Score: 6.5
EPSS Score: 0.003
Published: 2019-10-23

