Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

apache nifi 1.1.1 vulnerabilities and exploits

(subscribe to this query)
9.8
CVSSv3

CVE-2017-5636

In Apache NiFi prior to 0.7.2 and 1.x prior to 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request t...
Apache Nifi 0.7.0Apache Nifi 0.7.1Apache Nifi 1.1.0Apache Nifi 1.1.1
7.5
CVSSv3

CVE-2017-5635

In Apache NiFi prior to 0.7.2 and 1.x prior to 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the "anonymous" user.
Apache Nifi 0.7.0Apache Nifi 0.7.1Apache Nifi 1.1.0Apache Nifi 1.1.1
6.1
CVSSv3

CVE-2017-7665

In Apache NiFi prior to 0.7.4 and 1.x prior to 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.
Apache NifiApache Nifi 1.0.0Apache Nifi 1.0.1Apache Nifi 1.1.0Apache Nifi 1.1.1Apache Nifi 1.1.2Apache Nifi 1.2.0
7.5
CVSSv3

CVE-2017-7667

Apache NiFi prior to 0.7.4 and 1.x prior to 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin.
Apache NifiApache Nifi 1.0.0Apache Nifi 1.0.1Apache Nifi 1.1.0Apache Nifi 1.1.1Apache Nifi 1.1.2Apache Nifi 1.2.0
6.5
CVSSv3

CVE-2017-12623

An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should ...
Apache Nifi 1.0.0Apache Nifi 1.0.1Apache Nifi 1.1.0Apache Nifi 1.1.1Apache Nifi 1.1.2Apache Nifi 1.2.0Apache Nifi 1.3.0
5.4
CVSSv3

CVE-2016-8748

In Apache NiFi prior to 1.0.1 and 1.1.x prior to 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM.
Apache NifiApache Nifi 1.1.0
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
directory listings wordpress plugin – ulistingpostquantum-feldman-vssmatioCVE-2025-20115CVE-2025-2025HTML injectionSSTICVE-2025-2310CVE-2025-27363CVE-2025-2343logicaldoc enterpriseCVE-2025-2163dos
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook