Known Vulnerabilities for products from Couchbase
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Couchbase".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-43963 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.1 - HIGH | 2021-12-07 | 2021-12-09 |
| CVE-2021-42763 | Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the clust... | 7.5 - HIGH | 2021-11-02 | 2021-11-08 |
| CVE-2021-37842 | metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get... | 7.5 - HIGH | 2021-11-02 | 2021-11-08 |
| CVE-2021-35945 | Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer Overflow. A specially crafted network packet sent from a... | 7.5 - HIGH | 2021-09-29 | 2021-10-03 |
| CVE-2021-35944 | Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Overflow. A specially crafted network packet sent from an... | 7.5 - HIGH | 2021-09-29 | 2021-10-03 |
| CVE-2021-35943 | Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from ... | 9.8 - CRITICAL | 2021-09-29 | 2022-07-12 |
| CVE-2021-33504 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.9 - MEDIUM | 2022-06-02 | 2023-08-08 |
| CVE-2021-31158 | In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly che... | 6.5 - MEDIUM | 2021-05-19 | 2021-05-25 |
| CVE-2021-27925 | An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled... | 4.4 - MEDIUM | 2021-05-19 | 2022-07-12 |
| CVE-2021-27924 | An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is insecurely logging session cookies ... | 5.9 - MEDIUM | 2021-05-19 | 2021-05-26 |
| CVE-2021-25645 | An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An intern... | 4.4 - MEDIUM | 2021-05-10 | 2021-05-24 |
| CVE-2021-25644 | An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can ... | 7.5 - HIGH | 2021-05-19 | 2021-05-25 |
| CVE-2021-25643 | An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrato... | 4.9 - MEDIUM | 2021-05-26 | 2021-09-09 |
| CVE-2020-24719 | Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exch... | 9.8 - CRITICAL | 2020-11-12 | 2020-11-30 |
| CVE-2020-9042 | In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used th... | 8.8 - HIGH | 2020-06-08 | 2020-06-11 |
| CVE-2020-9041 | In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text searc... | 7.5 - HIGH | 2020-06-08 | 2020-06-11 |
| CVE-2020-9040 | Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended pee... | 7.5 - HIGH | 2020-06-08 | 2020-06-11 |
| CVE-2020-9039 | Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissi... | 9.8 - CRITICAL | 2020-02-22 | 2022-01-01 |
| CVE-2019-11497 | In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did... | 7.5 - HIGH | 2019-09-10 | 2019-09-26 |
| CVE-2019-11496 | In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write acc... | 9.1 - CRITICAL | 2019-09-10 | 2020-08-24 |
Known software with vulnerabilities from Couchbase
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Couchbase | Couchbase Server | - |
| Application | Couchbase | Couchbase Server Java Sdk | 2.6 |
| Application | Couchbase | Server | - |
| Application | Couchbase | Sync Gateway | 2.1 |