Every CVE whose affected-product data names Fiware Keyrock, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2024-42166 — CVSS 9.1 (critical): The function "generate_app_certificates" in lib/app_certificates.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in…
CVE-2024-42167 — CVSS 9.1 (critical): The function "generate_app_certificates" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used…
CVE-2024-42163 — CVSS 8.3 (high): Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any…
CVE-2024-42165 — CVSS 6.3 (medium): Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by…
CVE-2024-42164 — CVSS 4.3 (medium): Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to disable two factor…