logpoint CVE Vulnerabilities & Metrics

Focus on logpoint vulnerabilities and metrics.

Last updated: 27 Apr 2025, 22:25 UTC

About logpoint Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with logpoint. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total logpoint CVEs: 13
Earliest CVE date: 03 Feb 2024, 09:15 UTC
Latest CVE date: 16 Dec 2024, 06:15 UTC

Latest CVE reference: CVE-2024-56087

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 11

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 450.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 450.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical logpoint CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	13
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS logpoint CVEs

These are the five CVEs with the highest CVSS scores for logpoint, sorted by severity first and recency.

CVE-2024-56087 logpoint Published on 16 Dec 2024, 06:15 UTC (CVSS: 0)
An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while querying Search Template Dashboard. These are executed, leading to Server-Side Template Injection.
CVE-2024-56086 logpoint Published on 16 Dec 2024, 06:15 UTC (CVSS: 0)
An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the backup process is initiated, leading to Remote Code Execution.
CVE-2024-56085 logpoint Published on 16 Dec 2024, 06:15 UTC (CVSS: 0)
An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while creating Search Template Dashboard. These are executed, leading to Server-Side Template Injection.
CVE-2024-48950 logpoint Published on 07 Nov 2024, 17:15 UTC (CVSS: 0)
An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthenticated attackers to bypass CSRF protections and authentication.
CVE-2024-33860 logpoint Published on 07 May 2024, 17:15 UTC (CVSS: 0)
An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs.

All CVEs for logpoint

CVE-2024-56087 logpoint vulnerability CVSS: 0 16 Dec 2024, 06:15 UTC

An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while querying Search Template Dashboard. These are executed, leading to Server-Side Template Injection.

CVE-2024-56086 logpoint vulnerability CVSS: 0 16 Dec 2024, 06:15 UTC

An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the backup process is initiated, leading to Remote Code Execution.

CVE-2024-56085 logpoint vulnerability CVSS: 0 16 Dec 2024, 06:15 UTC

An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while creating Search Template Dashboard. These are executed, leading to Server-Side Template Injection.

CVE-2024-48950 logpoint vulnerability CVSS: 0 07 Nov 2024, 17:15 UTC

An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthenticated attackers to bypass CSRF protections and authentication.

CVE-2024-33860 logpoint vulnerability CVSS: 0 07 May 2024, 17:15 UTC

An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs.

CVE-2024-33859 logpoint vulnerability CVSS: 0 07 May 2024, 17:15 UTC

An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS.

CVE-2024-33858 logpoint vulnerability CVSS: 0 07 May 2024, 16:15 UTC

An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The source_name parameter could be changed to an absolute path; this will write the CSV file to that path inside the /tmp directory.

CVE-2024-33857 logpoint vulnerability CVSS: 0 07 May 2024, 16:15 UTC

An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery.

CVE-2024-33856 logpoint vulnerability CVSS: 0 07 May 2024, 16:15 UTC

An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint.

CVE-2024-30176 logpoint vulnerability CVSS: 0 01 May 2024, 18:15 UTC

In Logpoint before 7.4.0, an attacker can enumerate a valid list of usernames by using publicly exposed URLs of shared widgets.

CVE-2022-48684 logpoint vulnerability CVSS: 0 27 Apr 2024, 23:15 UTC

An issue was discovered in Logpoint before 7.1.1. Template injection was seen in the search template. The search template uses jinja templating for generating dynamic data. This could be abused to achieve code execution. Any user with access to create a search template can leverage this to execute code as the loginspect user.

CVE-2024-29865 logpoint vulnerability CVSS: 0 22 Mar 2024, 15:15 UTC

Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page via the username to the LDAP login form.

CVE-2023-49950 logpoint vulnerability CVSS: 0 03 Feb 2024, 09:15 UTC

The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize log data being displayed when using a custom Jinja template in the Alert view. A remote attacker can craft a cross-site scripting (XSS) payload and send it to any system or device that sends logs to the SIEM. If an alert is created, the payload will execute upon the alert data being viewed with that template, which can lead to sensitive data disclosure.