Security Advisories

Notifications of security vulnerabilities

| ADVISORY ID | TITLE | CVSS SCORE | DISCOVERED | PUBLISHED | FIXED VERSION |
|---|---|---|---|---|---|
| DOM-26-012 | Cross-Site Request Forgery on State-Changing Actions | 5.4 | May 11, 2026 | Jun 12, 2026 | v26.06 |
| DOM-26-011 | Incomplete Output Escaping of Device-Reported and Log Values | 5.4 | Jun 1, 2026 | Jun 12, 2026 | v26.06 |
| DOM-26-010 | Missing Permission Enforcement on Inbox and Public Link Actions | 5.4 | Jun 8, 2026 | Jun 12, 2026 | v26.06 |
| DOM-26-009 | Malformed or Oversized Device Data Disrupts Configuration Processing | 6.5 | Jun 8, 2026 | Jun 12, 2026 | v26.06 |
| DOM-26-008 | User Audit Log Permission Bypass | 4.3 | Jun 8, 2026 | Jun 12, 2026 | v26.06 |
| DOM-26-007 | Delayed DX Session Revocation After Device Disable or Removal | 5.4 | Jun 1, 2026 | Jun 12, 2026 | v26.06 |
| DOM-26-006 | Resource Exhaustion in Enrollment and Dashboard Paths | 5.3 | May 5, 2026 | Jun 12, 2026 | v26.06 |
| DOM-26-005 | Account Enumeration in Password Reset | 5.3 | Jun 1, 2026 | Jun 12, 2026 | v26.06 |
| DOM-26-004 | SSO Access Mapping and Identity Binding Issues | 8.1 | Jun 4, 2026 | Jun 12, 2026 | v26.06 |
| DOM-26-003 | Session Persistence After SSO Expiry | 5.4 | Dec 18, 2025 | Jun 3, 2026 | v25.12 |
| DOM-26-002 | Open Redirect in RTask Postback Parameter | 4.7 | Apr 8, 2026 | Jun 3, 2026 | v26.04.1 |
| DOM-26-001 | Missing CSRF Validation on State-Changing Routes | 4.3 | Apr 8, 2026 | Jun 3, 2026 | v26.04.1 |
| DOM-25-002 | Improper TLS Server Identity Verification in DX/DAL | 4.8 | Feb 3, 2025 | Jun 3, 2026 | v25.04 |
| DOM-25-001 | Authenticated SQL injection in API | 8.8 | Nov 14, 2025 | Nov 17, 2025 | v25.08.5 |
| DOM-23-002 | Improper Validation of Certificate in DX/DAL client | 8.1 | Sep 5, 2023 | Oct 13, 2023 | v23.9 |
| DOM-23-001 | Authentication Timing Attack Vulnerability | 8.9 | Jun 20, 2023 | Jun 28, 2023 | v23.6 |
| DOPPLER-SA-0002 | Authorization Bypass Vulnerability in Router Inbox | 8.4 | Dec 1, 2022 | Dec 22, 2022 | v22.12 |
| DOPPLER-SA-0001 | Sensitive Data Disclosure Vulnerability | 3.8 | Oct 24, 2022 | Dec 22, 2022 | v22.12 |