Siren Investigate
5 CVEs affecting Siren Investigate. Latest disclosed: 2023-06-19. Critical: 3, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-35857 | Critical | 9.8 | 2023-06-19 | In Siren Investigate before 13.2.2, session keys remain active even after logging out. |
CVE-2022-47544 | Critical | 9.8 | 2023-01-05 | An issue was discovered in Siren Investigate before 12.1.7. Script variable whitelisting is insufficiently sandboxed. |
CVE-2021-36794 | Critical | 9.8 | 2021-11-02 | In Siren Investigate before 11.1.4, when enabling the cluster feature of the Siren Alert application, TLS verifications are disabled globally in the Siren Inve… |
CVE-2021-31216 | High | 8.1 | 2021-07-19 | Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). An attack… |
CVE-2022-47543 | Medium | 5.3 | 2023-01-05 | An issue was discovered in Siren Investigate before 12.1.7. There is an ACL bypass on global objects. |