Investigate

investigate

Vendor: Siren • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-35857 1Siren 1Investigate Nov 21, 2024 Jun 19, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In Siren Investigate before 13.2.2, session keys remain active even after logging out.
CVE-2022-47544 1Siren 1Investigate Apr 10, 2025 Jan 5, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in Siren Investigate before 12.1.7. Script variable whitelisting is insufficiently sandboxed.
CVE-2022-47543 1Siren 1Investigate Apr 10, 2025 Jan 5, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An issue was discovered in Siren Investigate before 12.1.7. There is an ACL bypass on global objects.
CVE-2021-36794 1Siren 1Investigate Nov 21, 2024 Nov 2, 2021 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 In Siren Investigate before 11.1.4, when enabling the cluster feature of the Siren Alert application, TLS verifications are disabled globally in the Siren Investigate main process.
CVE-2021-31216 1Siren 1Investigate Nov 21, 2024 Jul 19, 2021 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). An attacker with access to the Investigate installation can specify an...Show more Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). An attacker with access to the Investigate installation can specify an arbitrary URL in the parameters of the image proxy route and fetch external URLs as the Investigate process on the host.Show less