
CVE-2021-22957
https://notcve.org/view.php?id=CVE-2021-22957
24 Nov 2021 — A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over said user’s account.This vulnerability is fixed in UniFi Protect application Version 1.20.0 and later. Una vulnerabilidad de intercambio de recursos entre orígenes (CORS) encontrada en la aplicación UniFi Protect versión 1.19.2 y anteriores, permite que un actor malicioso que haya conve... • https://community.ui.com/releases/Security-Advisory-Bulletin-021-021/62bd8841-6603-4fee-9dba-73037148f173 • CWE-16: Configuration •

CVE-2021-22943
https://notcve.org/view.php?id=CVE-2021-22943
31 Aug 2021 — A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vulnerability is fixed in UniFi Protect application V1.19.0 and later. Una vulnerabilidad encontrada en la aplicación UniFi Protect versiones V1.18.1 y anteriores, permite a un actor malicioso que ya ha conseguido acceso a una red controlar posteriormente la(s) cámara(s) Protect asignada(s) a d... • https://community.ui.com/releases/Security-Advisory-Bulletin-019-019/90a00abe-d6b6-43c6-92d4-0a0342f1506f • CWE-287: Improper Authentication •

CVE-2021-22944
https://notcve.org/view.php?id=CVE-2021-22944
31 Aug 2021 — A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network access to gain the same privileges as the owner of the UniFi Protect application. This vulnerability is fixed in UniFi Protect application V1.19.0 and later. Una vulnerabilidad encontrada en la aplicación UniFi Protect versiones V1.18.1 y anteriores, permite a un actor malicioso con un rol de sólo vista y acceso a la red alcanzar los mismos privilegios que el propietario de la ap... • https://community.ui.com/releases/Security-Advisory-Bulletin-019-019/90a00abe-d6b6-43c6-92d4-0a0342f1506f •

CVE-2020-8213
https://notcve.org/view.php?id=CVE-2020-8213
30 Jul 2020 — An information exposure vulnerability exists in UniFi Protect before v1.13.4-beta.5 that allowed unauthenticated attackers access to valid usernames for the UniFi Protect web application via HTTP response code and response timing. Se presenta una vulnerabilidad de exposición de información en UniFi Protect en versiones anteriores a v1.13.4-beta.5, que permitía a atacantes no autenticados acceder a nombres de usuario validos para la aplicación web UniFi Protect por medio del código de respuesta HTTP y la sin... • https://community.ui.com/releases/Security-advisory-bulletin-013-013/56d4d616-4afd-40ee-863f-319b7126ed84 • CWE-209: Generation of Error Message Containing Sensitive Information •