Northern.tech Cfengine — known CVE vulnerabilities
Every CVE whose affected-product data names Northern.tech Cfengine, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2023-45684 — CVSS 7.5 (high): Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earliest affected…
CVE-2026-24712 — CVSS 7.3 (high): Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection.
CVE-2023-26560 — CVSS 6.5 (medium): Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read…
CVE-2019-19394 — CVSS 6.1 (medium): Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x before 3.12.3, 3.13.x, and 3.14.x allows XSS. This is fixed in 3.10.7…
CVE-2021-44216 — CVSS 5.5 (medium): Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users…
CVE-2021-44215 — CVSS 5.5 (medium): Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have an…
CVE-2021-38379 — CVSS 5.5 (medium): The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure.