Filtered by vendor Newrelic
Subscribe
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-3800 | 27 Anynines, Apigee, Appdynamics and 24 more | 55 Elasticsearch, Logme, Mongodb and 52 more | 2024-11-21 | 2.1 LOW | 6.3 MEDIUM |
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials. | |||||
CVE-2017-9246 | 1 Newrelic | 1 .net Agent | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism. | |||||
CVE-2013-0284 | 1 Newrelic | 1 Ruby Agent | 2024-11-21 | 5.0 MEDIUM | N/A |
Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data. |