Northern.tech - Mender CVE

Filtered by vendor Northern.tech Subscribe

Filtered by product Mender

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-29556	1 Northern.tech	1 Mender	2022-05-10	7.5 HIGH	9.8 CRITICAL
The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints.

Vulnerabilities (CVE)