Every CVE whose affected-product data names Amazon Data.all, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2024-52311 — CVSS 6.3 (medium): Authentication tokens issued via Cognito in data.all are not invalidated on log out, allowing for previously authenticated user to continue…
CVE-2024-52312 — CVSS 5.4 (medium): Due to inconsistent authorization permissions, data.all may allow an external actor with an authenticated account to perform restricted…
CVE-2024-52314 — CVSS 4.9 (medium): A data.all admin team member who has access to the customer-owned AWS Account where data.all is deployed may be able to extract user data…
CVE-2024-10953 — CVSS 4.3 (medium): An authenticated data.all user is able to perform mutating UPDATE operations on persisted Notification records in data.all for group…
CVE-2024-52313 — CVSS 4.3 (medium): An authenticated data.all user is able to manipulate a getDataset query to fetch additional information regarding the parent Environment…