CERT.PL CNA

icon indicating a website link https://cert.pl/en/cvd/ icon indicating an email [email protected]

icon company @CERT-Polska icon location Warsaw, Poland icon location Since 2023 CERT.PL is a Partner of CVE Program as a CNA (CVE Numbering Authority). Our CVD Policy is linked below.

Results 4 comments of CERT.PL CNA

Code injection vulnerability on /system/log endpoint

@avollkopf we have been requested to assign a CVE for that vulnerability. We have reserved CVE-2024-3955 and we will soon publish its details. If you want to consult its content...

Code injection vulnerability on /system/log endpoint

The vulnerability was described and published at the following addresses: https://www.cve.org/CVERecord?id=CVE-2024-3955 https://cert.pl/en/posts/2024/05/CVE-2024-3955/ Best regards CERT.PL CNA

🐛 | RCE/CSRF/XSS vulnerabilities

Hello, since details were already disclosed and nobody proved that these vulnerabilities do not exist, we have decided to publish the records. They are available under the links: [CVE-2024-3798](https://www.cve.org/CVERecord?id=CVE-2024-3798) [CVE-2024-3799](https://www.cve.org/CVERecord?id=CVE-2024-3799)

🐛 | RCE/CSRF/XSS vulnerabilities

Hi @s-martin. you are right about the versions, we have adjusted the entries. Regarding the CVSS score - as the attack might be performed remotely by serving a malicious website,...