Filtered by vendor Eigentech
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-38615 | 1 Eigentech | 1 Natural Language Processing | 2022-07-12 | 8.1 High |
| In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information. | ||||
| CVE-2021-38616 | 1 Eigentech | 1 Natural Language Processing | 2022-07-12 | 8.8 High |
| In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users' profiles and much more. | ||||
| CVE-2021-38617 | 1 Eigentech | 1 Natural Language Processing | 2022-07-12 | 8.8 High |
| In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. This directly leads to privilege escalation. | ||||
Page 1 of 1.