Jenkins Cadence Vmanager — known CVE vulnerabilities
Every CVE whose affected-product data names Jenkins Cadence Vmanager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2019-10446 — CVSS 8.2 (high): Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM.
CVE-2020-2243 — CVSS 5.4 (medium): Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site…
CVE-2025-31724 — CVSS 4.3 (medium): Jenkins Cadence vManager Plugin 4.0.0-282.v5096a_c2db_275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files…
CVE-2025-47886 — CVSS 4.3 (medium): A cross-site request forgery (CSRF) vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows…
CVE-2025-47887 — CVSS 4.3 (medium): Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers with Overall/Read…