Vulnerabilities (CVE)

Filtered by vendor Newrelic Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-3800 27 Anynines, Apigee, Appdynamics and 24 more 55 Elasticsearch, Logme, Mongodb and 52 more 2019-10-09 2.1 LOW 7.8 HIGH
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.
CVE-2017-9246 1 Newrelic 1 .net Agent 2017-07-05 7.5 HIGH 9.8 CRITICAL
New Relic .NET Agent before adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism.
CVE-2013-0284 1 Newrelic 1 Ruby Agent 2013-04-10 5.0 MEDIUM N/A
Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data.