Vulnerabilities (CVE)

Filtered by vendor Citeum Subscribe
Filtered by product Opencti
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-45404 1 Citeum 1 Opencti 2025-05-17 N/A 8.1 HIGH
OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because the function to limit the rate of OTP does not exist, an attacker with valid credentials or a malicious user who commits internal fraud can break through the two-factor authentication and hijack the account. This is because the otpLogin mutation does not implement One Time Password rate limiting. As of time of publication, it is unknown whether a patch is available.
CVE-2022-30290 1 Citeum 1 Opencti 2024-11-21 5.0 MEDIUM 7.5 HIGH
In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through the interface, legitimately.
CVE-2022-30289 1 Citeum 1 Opencti 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will then be executed by a victim when they open the file location.