CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-32037 – GeoNetwork vulnerable to search end-point information disclosure in response headers
https://notcve.org/view.php?id=CVE-2024-32037
11 Feb 2025 — GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because it allows software used by the server to be easily identified. GeoNetwork 4.4.5 and 4.2.10 fix this issue. No known workarounds are available. • https://docs.geonetwork-opensource.org/4.4/api/search • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-5513
https://notcve.org/view.php?id=CVE-2006-5513
26 Oct 2006 — SQL injection vulnerability in GeoNetwork opensource before 2.0.3 allows remote attackers to execute arbitrary SQL commands, and complete a login, via unspecified vectors. Vulnerabilidad de inyección de SQL en GeoNetwork opensource anterior a 2.0.3, permite a atacantes remotos ejecutar comandos SQL de su elección, y completar una conexión, mediante vectores sin especificar. • http://secunia.com/advisories/22502 •