Known Vulnerabilities for products from Thingsboard
Listed below are 9 of the newest known vulnerabilities associated with the vendor "Thingsboard".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-45303 json | ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache... | 8.8 - HIGH | 2023-10-06 | 2023-10-12 |
| CVE-2023-26462 json | ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable fo... | 8.1 - HIGH | 2023-02-23 | 2023-08-29 |
| CVE-2022-48341 json | ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrato... | 8.8 - HIGH | 2023-02-23 | 2023-03-03 |
| CVE-2022-45608 json | An issue was discovered in ThingsBoard 3.4.1, allows low privileged attackers (CUSTOMER_USER) to gain escalated privileges (v... | 8.8 - HIGH | 2023-03-01 | 2023-05-11 |
| CVE-2022-40004 json | Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows remote attackers to escalate privilege via crafted URL ... | 9.6 - CRITICAL | 2022-12-15 | 2022-12-21 |
| CVE-2022-31861 json | Cross site Scripting (XSS) in ThingsBoard IoT Platform through 3.3.4.1 via a crafted value being sent to the audit logs. | 5.4 - MEDIUM | 2022-09-13 | 2022-09-17 |
| CVE-2021-42751 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.8 - MEDIUM | 2022-08-12 | 2022-08-15 |
| CVE-2021-42750 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.8 - MEDIUM | 2022-08-12 | 2022-08-15 |
| CVE-2020-27687 json | ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. This allows an attacker to send mali... | 8.8 - HIGH | 2020-12-18 | 2021-07-21 |
Known software with vulnerabilities from Thingsboard
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Thingsboard | Thingsboard | 1.0 |