Sherpa — Vulnerabilities & Security Advisories (4)

Browse all 4 CVE security advisories affecting Sherpa. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Sherpa is a cloud security platform focused on infrastructure and application protection. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation issues. The platform has recorded four CVEs, primarily related to authentication bypass and insecure direct object reference flaws. Sherpa's architecture emphasizes automated compliance checks and real-time threat detection, though past incidents involved misconfigurations leading to unauthorized access to sensitive customer data. Security researchers have noted that while Sherpa provides robust monitoring capabilities, its complex implementation can introduce additional attack surfaces if not properly configured.

Top products by Sherpa: Orchestrator
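| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-46544 | Sherpa Orchestrator security vulnerability (Orchestrator, CWE-863) | 6.4 | Medium | 2025-04-25 |
| CVE-2025-46547 | Sherpa Orchestrator cross-site request forgery vulnerability (Orchestrator, CWE-352) | 5.4 | Medium | 2025-04-25 |
| CVE-2025-46546 | Sherpa Orchestrator SQL injection vulnerability (Orchestrator, CWE-89) | 3.5 | Low | 2025-04-25 |
| CVE-2025-46545 | Sherpa Orchestrator cross-site scripting vulnerability (Orchestrator, CWE-79) | 4.4 | Medium | 2025-04-25 |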

This page lists every published CVE security advisory associated with Sherpa. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.