cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-41180,https://securityvulnerability.io/vulnerability/CVE-2023-41180,Apache NiFi MiNiFi C++: Incorrect Certificate Validation in InvokeHTTP for MiNiFi C++,"Incorrect certificate validation in InvokeHTTP on Apache NiFi MiNiFi C++ versions 0.13 to 0.14 allows an intermediary to present a forged certificate during TLS handshake negotation. The Disable Peer Verification property of InvokeHTTP was effectively flipped,  disabling verification by default, when using HTTPS.

Mitigation: Set the Disable Peer Verification property of InvokeHTTP to true when using MiNiFi C++ versions 0.13.0 or 0.14.0. Upgrading to MiNiFi C++ 0.15.0 corrects the default behavior.

",Apache,Apache Nifi Minifi C++,5.9,MEDIUM,0.0007900000200606883,false,,false,false,false,,,false,false,,2023-09-03T16:15:00.000Z,0
CVE-2021-33191,https://securityvulnerability.io/vulnerability/CVE-2021-33191,MiNiFi CPP arbitrary script execution is possible on the agent's host machine through the c2 protocol,"From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an ""agent-update"" command which was designed to patch the application binary. This ""patching"" command defaults to calling a trusted binary, but might be modified to an arbitrary value through a ""c2-update"" command. Said command is then executed using the same privileges as the application binary. This was addressed in version 0.10.0",Apache,Apache Nifi - Minifi C++,9.8,CRITICAL,0.010060000233352184,false,,false,false,false,,,false,false,,2021-08-24T11:20:09.000Z,0