Fiware Keyrock
5 CVEs affecting Fiware Keyrock. Latest disclosed: 2024-08-12. Critical: 2, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-42167 | Critical | 9.1 | 2024-08-12 | The function "generate_app_certificates" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command prop… |
CVE-2024-42166 | Critical | 9.1 | 2024-08-12 | The function "generate_app_certificates" in lib/app_certificates.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properl… |
CVE-2024-42163 | High | 8.3 | 2024-08-12 | Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting th… |
CVE-2024-42165 | Medium | 6.3 | 2024-08-12 | Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token… |
CVE-2024-42164 | Medium | 4.3 | 2024-08-12 | Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to disable two factor authorization of any user by pr… |