Vulnerabilities (CVE)

Filtered by vendor Citeum Subscribe
Filtered by product Opencti
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-30290 1 Citeum 1 Opencti 2024-11-21 5.0 MEDIUM 7.5 HIGH
In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through the interface, legitimately.
CVE-2022-30289 1 Citeum 1 Opencti 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will then be executed by a victim when they open the file location.