Northern.tech: >> Cfengine >> 3.21.2 Security Vulnerabilities
Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2026-05-14
Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control.
CVSS Score
5.3
EPSS Score
0.002
Published
2026-05-14
Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection.
CVSS Score
7.3
EPSS Score
0.009
Published
2026-05-14
Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earliest affected version is 3.6.0. The issue is in the Mission Portal login page in the CFEngine hub.
CVSS Score
7.5
EPSS Score
0.007
Published
2023-11-14