Vulnerability Monitor

The vendors, products, and vulnerabilities you care about
puppet_enterprise Vendor: puppet

About This Product

puppet_enterprise is a software product offered by puppet. This product is widely deployed in production environments, making vulnerability monitoring essential for organizations relying on it. Security vulnerabilities in products of this category can affect system availability, data confidentiality, and integrity across entire networks. The significant number of reported vulnerabilities indicates this product has received substantial security scrutiny and community focus over time. Regular assessment of known vulnerabilities and timely patching are fundamental components of responsible system administration for any deployment of this software.

Vulnerability Landscape Summary

SecUtils has identified 90 known vulnerabilities affecting puppet puppet_enterprise. This includes 7 critical-severity issues and 18 high-severity issues that warrant immediate attention. Vulnerabilities in this product have been disclosed spanning from 2011 to 2025, indicating a sustained research interest and ongoing security attention. 54 medium-severity issues and 11 low-severity issues complete the vulnerability landscape. Organizations should prioritize patching based on deployment context, asset criticality, and exploitation likelihood rather than severity alone.

Known Vulnerabilities
ID Date Published Last Modified Severity (CVSSv3) Severity (CVSSv2) Exploit Available
CVE-2011-3872 2011-10-27 2025-04-11 - 2.6 Unknown
CVE-2012-1053 2012-05-29 2025-04-11 - 6.9 Unknown
CVE-2012-1054 2012-05-29 2025-04-11 - 4.4 Unknown
CVE-2012-1906 2012-05-29 2025-04-11 - 3.3 Unknown
CVE-2012-1986 2012-05-29 2025-04-11 - 2.1 Unknown
CVE-2012-1987 2012-05-29 2025-11-20 - 3.5 Unknown
CVE-2012-1988 2012-05-29 2025-04-11 - 6.0 Unknown
CVE-2012-1989 2012-06-27 2025-04-11 - 3.6 Unknown
CVE-2012-3408 2012-08-06 2025-04-11 - 2.6 Unknown
CVE-2012-3864 2012-08-06 2025-04-11 - 4.0 Likely
CVE-2012-3865 2012-08-06 2025-04-11 - 3.5 Unknown
CVE-2012-3866 2012-08-06 2025-04-11 - 2.1 Unknown
CVE-2012-3867 2012-08-06 2025-04-11 - 4.3 Likely
CVE-2013-1640 2013-03-20 2025-04-11 - 9.0 Likely
CVE-2013-1652 2013-03-20 2025-04-11 - 4.9 Unknown
CVE-2013-1653 2013-03-20 2025-04-11 - 7.1 Unknown
CVE-2013-1654 2013-03-20 2025-04-11 - 5.0 Likely
CVE-2013-1655 2013-03-20 2025-04-11 - 7.5 Likely
CVE-2013-2274 2013-03-20 2025-04-11 - 6.5 Likely
CVE-2013-2275 2013-03-20 2025-04-11 - 4.0 Likely
CVE-2013-2716 2013-04-10 2025-04-11 - 5.0 Likely
CVE-2013-3567 2013-08-19 2025-04-11 - 7.5 Likely
CVE-2013-4761 2013-08-20 2025-04-11 - 5.1 Unknown
CVE-2013-4762 2013-08-20 2025-04-11 - 5.8 Likely
CVE-2013-4955 2013-08-20 2025-04-11 - 5.8 Likely
CVE-2013-4956 2013-08-20 2025-04-11 - 3.6 Unknown
CVE-2013-4958 2013-08-20 2025-04-11 - 6.9 Unknown
CVE-2013-4959 2013-08-20 2025-04-11 - 2.1 Unknown
CVE-2013-4961 2013-08-20 2025-04-11 - 5.0 Likely
CVE-2013-4962 2013-08-20 2025-04-11 - 5.8 Likely
CVE-2013-4964 2013-08-20 2025-04-11 - 5.0 Likely
CVE-2013-4967 2013-08-20 2025-04-11 - 5.0 Likely
CVE-2013-4957 2013-10-25 2025-04-11 - 6.8 Likely
CVE-2013-4965 2013-10-25 2025-04-11 - 5.0 Likely
CVE-2013-4969 2014-01-07 2025-04-11 - 2.1 Unknown
CVE-2013-4966 2014-03-09 2025-04-12 - 6.4 Likely
CVE-2013-4971 2014-03-09 2025-04-12 - 5.0 Likely
CVE-2012-0891 2014-03-14 2025-04-12 - 4.3 Likely
CVE-2012-5158 2014-03-14 2025-04-12 - 4.0 Likely
CVE-2013-1398 2014-03-14 2025-04-12 - 8.5 Unknown
CVE-2013-1399 2014-03-14 2025-04-12 - 6.8 Likely
CVE-2013-4963 2014-03-14 2025-04-12 - 6.8 Likely
CVE-2014-3249 2014-06-17 2025-04-12 - 5.0 Likely
CVE-2014-3251 2014-08-12 2025-04-12 - 4.4 Unknown
CVE-2014-3248 2014-11-16 2025-04-12 - 6.2 Unknown
CVE-2014-9355 2014-12-19 2025-04-12 - 4.0 Likely
CVE-2015-1029 2015-01-16 2025-04-12 - 6.5 Likely
CVE-2015-7328 2016-01-08 2025-04-12 4.7 1.9 Unknown
CVE-2015-7330 2016-04-11 2025-04-12 8.8 6.5 Likely
CVE-2016-2786 2016-06-10 2025-04-12 9.8 7.5 Likely
CVE-2015-6501 2017-01-12 2025-04-20 6.1 5.8 Likely
CVE-2016-5715 2017-01-12 2025-04-20 6.1 5.8 Likely
CVE-2016-9686 2017-02-08 2025-04-20 5.3 5.0 Likely
CVE-2016-2787 2017-02-13 2025-04-20 5.3 5.0 Likely
CVE-2016-2788 2017-02-13 2025-04-20 9.8 7.5 Likely
CVE-2017-2294 2017-07-05 2025-04-20 7.5 5.0 Likely
CVE-2017-7529 2017-07-13 2025-04-20 7.5 5.0 Likely
CVE-2016-5716 2017-08-09 2025-04-20 8.8 6.5 Likely
CVE-2016-5714 2017-10-18 2025-04-20 7.2 6.5 Likely
CVE-2015-6502 2017-12-11 2025-04-20 6.1 4.3 Likely
CVE-2015-8470 2017-12-11 2025-04-20 6.5 4.3 Likely
CVE-2015-4100 2017-12-21 2025-04-20 6.8 4.9 Unknown
CVE-2017-2293 2018-02-01 2024-11-21 4.9 5.5 Likely
CVE-2017-2296 2018-02-01 2024-11-21 6.5 4.0 Likely
CVE-2017-2297 2018-02-01 2024-11-21 7.5 6.0 Unknown
CVE-2017-10689 2018-02-09 2024-11-21 5.5 2.1 Unknown
CVE-2017-10690 2018-02-09 2024-11-21 6.5 4.0 Likely
CVE-2018-6508 2018-02-09 2024-11-21 8.0 6.0 Unknown
CVE-2018-6510 2018-05-08 2024-11-21 5.4 3.5 Unknown
CVE-2018-6511 2018-05-08 2024-11-21 5.4 3.5 Unknown
CVE-2018-6512 2018-06-11 2024-11-21 9.8 7.5 Likely
CVE-2018-6513 2018-06-11 2024-11-21 8.8 6.5 Likely
CVE-2018-11749 2018-08-24 2024-11-21 9.8 5.0 Likely
CVE-2015-1855 2019-11-29 2024-11-21 5.9 4.3 Likely
CVE-2013-4968 2019-12-11 2024-11-21 6.1 4.3 Likely
CVE-2019-10694 2019-12-12 2024-11-21 9.8 7.5 Likely
CVE-2015-5686 2020-02-27 2024-11-21 8.8 6.8 Likely
CVE-2020-7943 2020-03-11 2024-11-21 7.5 5.0 Likely
CVE-2021-27021 2021-07-20 2024-11-21 8.8 6.5 Likely
CVE-2021-27019 2021-08-30 2024-11-21 4.3 4.0 Likely
CVE-2021-27020 2021-08-30 2024-11-21 8.8 6.8 Likely
CVE-2021-27022 2021-09-07 2024-11-21 4.9 4.0 Likely
CVE-2021-27023 2021-11-18 2024-11-21 9.8 5.0 Likely
CVE-2021-27025 2021-11-18 2024-11-21 6.5 4.0 Likely
CVE-2021-27026 2021-11-18 2024-11-21 4.4 2.1 Unknown
CVE-2023-1894 2023-05-04 2025-01-29 5.3 - -
CVE-2023-2530 2023-06-07 2025-08-26 9.8 - -
CVE-2023-5255 2023-10-03 2025-11-20 4.4 - -
CVE-2023-5309 2023-11-07 2024-11-21 6.8 - -
CVE-2025-5459 2025-06-26 2025-10-14 8.8 - -

How SecUtils Interprets Product Data

SecUtils normalizes and enriches National Vulnerability Database (NVD) records for puppet puppet_enterprise by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and structuring the data for rapid analysis and asset correlation. For every vulnerability listed, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference information to enable organizations to prioritize patching and risk assessment efficiently. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for vulnerability management and security operations.