Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Eigentech Subscribe
Filtered by product Natural Language Processing
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-38616 1 Eigentech 1 Natural Language Processing 2022-07-12 6.5 MEDIUM 8.8 HIGH
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users' profiles and much more.
CVE-2021-38617 1 Eigentech 1 Natural Language Processing 2022-07-12 6.5 MEDIUM 8.8 HIGH
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. This directly leads to privilege escalation.
CVE-2021-38615 1 Eigentech 1 Natural Language Processing 2022-07-12 5.5 MEDIUM 8.1 HIGH
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information.