What is the dotCMS CNA?
dotCMS is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 6 CVE records since 2023.
How many CVEs has dotCMS published?
dotCMS has published 6 CVE records, including 5 in the last two years.
What is dotCMS's CVE data quality grade?
RadicalNotion.AI grades dotCMS's CVE data quality as A, with an overall completeness score of 100%. This reflects how consistently its CVE records include vendor (100%), product (100%), CVSS (100%), and CWE (100%) information.
What products does dotCMS publish CVEs for?
dotCMS most frequently publishes CVEs for dotCMS Core, core, dotCMS, dotCMS Cloud Services (dCS).
Which vendors does dotCMS cover?
dotCMS publishes CVEs across 1 distinct vendors, most often dotCMS.
Is dotCMS actively publishing CVEs?
dotCMS is currently active, based on 5 CVEs in the last two years.
What is the average severity of dotCMS's CVEs?
The average CVSS base score across dotCMS's scored CVEs is 6.5.
How many critical CVEs has dotCMS published?
dotCMS has published 4 critical-severity CVEs and 0 high-severity CVEs.
Are any of dotCMS's CVEs in CISA's Known Exploited Vulnerabilities catalog?
No. None of dotCMS's CVEs are currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
What are the most common weakness types in dotCMS's CVEs?
dotCMS's CVEs most often map to these CWE weakness types: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')), CWE-20 (Improper Input Validation), CWE-284 (Improper Access Control), CWE-532 (Insertion of Sensitive Information into Log File).
How does dotCMS rank among CNAs?
By total CVE volume, dotCMS ranks #343 of 370 CNAs, and it reports more complete CVE records than 60% of all CNAs.
