RSS   Podatności dla 'Neo4j'   RSS

2021-08-05
 
CVE-2021-34371

CWE-502
 

 
Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains.

 
2014-04-29
 
CVE-2013-7259

CWE-78
 

 
Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2) db/manage/server/console/.

 

 >>> Vendor: Neo4j 2 Produkty
Neo4j
Graph databse


Copyright 2024, cxsecurity.com

 

Back to Top