Logsign Unified Secops Platform vulnerabilities
15 known vulnerabilities affecting logsign/unified_secops_platform.
Total CVEs
15
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH10MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2025-1044P1CRITICALCVSS 9.8fixed in 6.4.32v6.4.272025-02-11
CVE-2025-1044 [CRITICAL] CWE-287 CVE-2025-1044: Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows remot
Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the web service, which listens on TCP port 443 by default
nvd
CVE-2024-5721P2HIGHCVSS 8.1PoC≥ 6.4.6, < 6.4.8v6.4.62024-11-22
CVE-2024-5721 [HIGH] CWE-306 CVE-2024-5721: Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vul
Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the cluster HTT
nvd
CVE-2024-5717P2HIGHCVSS 8.8≥ 6.4.6, < 6.4.8v6.4.62024-11-22
CVE-2024-5717 [HIGH] CWE-78 CVE-2024-5717: Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerab
Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific fl
nvd
CVE-2024-5720P2HIGHCVSS 8.8≥ 6.4.6, < 6.4.8v6.4.62024-11-22
CVE-2024-5720 [HIGH] CWE-78 CVE-2024-5720: Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerab
Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific fl
nvd
CVE-2024-5719P2HIGHCVSS 8.8≥ 6.4.6, < 6.4.8v6.4.62024-11-22
CVE-2024-5719 [HIGH] CWE-78 CVE-2024-5719: Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerab
Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific fl
nvd
CVE-2024-5716P2CRITICALCVSS 9.8≥ 6.4.6, < 6.4.8v6.4.62024-11-22
CVE-2024-5716 [CRITICAL] CWE-307 CVE-2024-5716: Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows remot
Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the password reset mechanism. The issue results from the
nvd
CVE-2024-5718P2HIGHCVSS 8.1≥ 6.4.6, < 6.4.8v6.4.62024-11-22
CVE-2024-5718 [HIGH] CWE-306 CVE-2024-5718: Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vul
Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the cluster HTT
nvd
CVE-2024-5722P2HIGHCVSS 8.8≥ 6.4.6, < 6.4.8v6.4.62024-11-22
CVE-2024-5722 [HIGH] CWE-321 CVE-2024-5722: Logsign Unified SecOps Platform HTTP API Hard-coded Cryptographic Key Remote Code Execution Vulnerab
Logsign Unified SecOps Platform HTTP API Hard-coded Cryptographic Key Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the HTTP API
nvd
CVE-2024-7600P3HIGHCVSS 8.1v6.4.202024-08-21
CVE-2024-7600 [HIGH] CWE-22 CVE-2024-7600: Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability. This vuln
Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability.
The specific flaw exists within the HTTP API service, which listens on TCP
nvd
CVE-2024-7601P3HIGHCVSS 8.1v6.4.202024-08-21
CVE-2024-7601 [HIGH] CWE-22 CVE-2024-7601: Logsign Unified SecOps Platform Directory data_export_delete_all Traversal Arbitrary File Deletion V
Logsign Unified SecOps Platform Directory data_export_delete_all Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability.
The specific flaw exists within the HTTP API service
nvd
CVE-2024-7603P3HIGHCVSS 8.1v6.4.202024-08-21
CVE-2024-7603 [HIGH] CWE-22 CVE-2024-7603: Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability. This
Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability.
The specific flaw exists within the HTTP API service, which list
nvd
CVE-2024-7604P3HIGHCVSS 7.8v6.4.202024-08-21
CVE-2024-7604 [HIGH] CWE-863 CVE-2024-7604: Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability. This vu
Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability. This vulnerability allows local attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability.
The specific flaw exists within the HTTP API service, which listens on TCP
nvd
CVE-2024-7602P3MEDIUMCVSS 6.5v6.4.202024-08-21
CVE-2024-7602 [MEDIUM] CWE-22 CVE-2024-7602: Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulne
Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability.
The specific flaw exists within the HTTP API service, which listen
nvd
CVE-2024-9257P3MEDIUMCVSS 6.5fixed in 6.4.26v6.4.242024-11-22
CVE-2024-9257 [MEDIUM] CWE-20 CVE-2024-9257: Logsign Unified SecOps Platform delete_gsuite_key_file Input Validation Arbitrary File Deletion Vuln
Logsign Unified SecOps Platform delete_gsuite_key_file Input Validation Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files within sensitive directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability.
The specific flaw exists
nvd
CVE-2024-7564P3MEDIUMCVSS 6.5v6.4.112024-08-06
CVE-2024-7564 [MEDIUM] CWE-22 CVE-2024-7564: Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulne
Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability.
The specific flaw exists within the get_response_json_result endpo
nvd