Browse all 5 CVE security advisories affecting FIWARE. AI-powered Chinese analysis, POCs, and references for each vulnerability.
FIWARE provides an open-source platform for building smart city and IoT applications by offering reusable components for data integration and context management. Historically, vulnerabilities have included cross-site scripting (XSS), remote code execution (RCE), and privilege escalation, often stemming from improper input validation and misconfigured access controls. While no major public security incidents have been widely reported, the platform's CVE history reflects typical web application risks. Its modular architecture requires careful security configuration across components, as improper implementation could expose sensitive data or enable unauthorized access. The platform's complexity increases potential attack surfaces, necessitating rigorous security testing in deployment environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-42167 | Command Injection in Organisationname — FIWARE KeyrockCWE-78 | 9.1 | Critical | 2024-08-12 |
| CVE-2024-42166 | Command Injection in Applicationname — FIWARE KeyrockCWE-78 | 9.1 | Critical | 2024-08-12 |
| CVE-2024-42165 | Arbitrary User Activation — FIWARE KeyrockCWE-330 | 6.3 | Medium | 2024-08-12 |
| CVE-2024-42164 | Disabling MFA without Authentication — FIWARE KeyrockCWE-287 | 4.3 | Medium | 2024-08-12 |
| CVE-2024-42163 | Password Manipulation — FIWARE KeyrockCWE-326 | 8.3 | High | 2024-08-12 |
This page lists every published CVE security advisory associated with FIWARE. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.