Vulnerabilities (CVE)

Filtered by vendor Strangebee Subscribe
Filtered by product Thehive
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-18376 1 Strangebee 1 Thehive 2023-09-15 6.5 MEDIUM 8.8 HIGH
An improper authorization check in the User API in TheHive before 2.13.4 and 3.x before 3.3.1 allows users with read-only or read/write access to escalate their privileges to the administrator's privileges. This affects app/controllers/UserCtrl.scala.
CVE-2023-39069 1 Strangebee 2 Cortex, Thehive 2023-09-15 N/A 9.8 CRITICAL
An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism.