Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache nifi vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2021-44145
In the TransformXML processor of Apache NiFi prior to 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.
Apache Nifi
9.8
CVSSv3
CVE-2021-33191
From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. This "patching" command defaults to calling a trusted binary, but might be modified to an arbitrary value through...
Apache Nifi Minifi C\\+\\+
5.3
CVSSv3
CVE-2020-27223
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high ...
Eclipse Jetty 9.4.6
Eclipse Jetty 9.4.36
Eclipse Jetty
Eclipse Jetty 10.0.0
Eclipse Jetty 11.0.0
Apache Spark 3.1.1
Apache Nifi 1.13.0
Netapp Snap Creator Framework -
Netapp Snapcenter -
Netapp Snapmanager -
Netapp Hci -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp E-series Santricity Web Services -
Netapp Element Plug-in For Vcenter Server -
Netapp E-series Santricity Os Controller
Netapp Management Services For Element Software -
Debian Debian Linux 10.0
Apache Solr 8.8.1
Oracle Rest Data Services
2 Github repositories
8.1
CVSSv3
CVE-2021-20190
A flaw was found in jackson-databind prior to 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Fasterxml Jackson-databind
Netapp Oncommand Insight -
Netapp Service Level Manager -
Netapp Oncommand Api Services -
Netapp Active Iq Unified Manager -
Apache Nifi
Debian Debian Linux 9.0
Oracle Commerce Guided Search And Experience Manager 11.3.2
7.5
CVSSv3
CVE-2020-9491
In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However intracluster communication such as cluster request replication, Site-to-Site, and ...
Apache Nifi
5.5
CVSSv3
CVE-2020-13940
In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to servic...
Apache Nifi
7.5
CVSSv3
CVE-2020-9486
In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext.
Apache Nifi
7.5
CVSSv3
CVE-2020-9487
In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly reque...
Apache Nifi
6.5
CVSSv3
CVE-2020-9482
If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 ...
Apache Nifi Registry
7.5
CVSSv3
CVE-2020-1942
In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cluster flow was not inheritable, the flow fingerprint of both the cluster and loc...
Apache Nifi
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644
unprivileged
CVE-2024-3494
CVE-2024-22460
CVE-2024-26026
CVE-2024-23473
firewall
CVE-2024-28889
XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »