Security Advisories

CVE-2018-14889: CouchDB Instance Allows Local Code Execution (post authentication)
Posted: Sept. 5, 2018
Low severity
Fixed in Cognito 4.3
Acknowledgements: Vectra would like to thank security researchers Julien Egloff and Thibault Guittet of Synacktiv for helping secure our products and customers.


CVE-2018-14890: Cross-Site Scripting Vulnerability in Web Management Console (post authentication)
Posted: Sept. 5, 2018
Low severity
Fixed in Cognito 4.2
Acknowledgements: Vectra would like to thank security researchers Julien Egloff and Thibault Guittet of Synacktiv for helping secure our products and customers.


CVE-2018-14891: Management Console Local Privilege Escalation Vulnerability (post authentication)
Posted: Sept. 5, 2018
Medium severity
Fixed in Cognito 4.3
Acknowledgements: Vectra would like to thank security researchers Julien Egloff and Thibault Guittet of Synacktiv for helping secure our products and customers.

Contact us to report Cognito platform vulnerabilities