Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Neo4j Subscribe
Filtered by product Neo4j
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-34371 1 Neo4j 1 Neo4j 2021-08-12 7.5 HIGH 9.8 CRITICAL
Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains.
CVE-2018-18389 1 Neo4j 1 Neo4j 2019-01-18 7.5 HIGH 9.8 CRITICAL
Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password.
CVE-2013-7259 1 Neo4j 1 Neo4j 2014-08-04 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2) db/manage/server/console/.