Filtered by vendor Neuvector
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8077 | 2 Neuvector, Suse | 2 Neuvector, Neuvector | 2025-09-18 | 9.8 Critical |
| A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in `admin` account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the default credentials to obtain an authentication token. This token can then be used to perform any operation via NeuVector APIs. | ||||
| CVE-2025-54467 | 2 Neuvector, Suse | 2 Neuvector, Neuvector | 2025-09-18 | 5.3 Medium |
| When a Java command with password parameters is executed and terminated by NeuVector for Process rule violation the password will appear in the NeuVector security event log. | ||||
| CVE-2025-53884 | 2 Neuvector, Suse | 2 Neuvector, Neuvector | 2025-09-18 | 5.3 Medium |
| NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack (offline attack where hashes of known passwords are precomputed). | ||||
| CVE-2019-19747 | 1 Neuvector | 1 Neuvector | 2024-11-21 | 9.8 Critical |
| NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password (provided that the active directory server has not been configured to reject empty passwords). | ||||
| CVE-2023-32188 | 1 Neuvector | 1 Neuvector | 2024-10-16 | N/A |
| A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE. | ||||
Page 1 of 1.