Lucene search

K

Application Manager Security Vulnerabilities

cve
cve

CVE-2023-6717

A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with....

6AI Score

0.0004EPSS

2024-04-25 04:02 PM
84
cve
cve

CVE-2024-1249

A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin....

6.8AI Score

0.0004EPSS

2024-04-17 01:22 PM
88
cve
cve

CVE-2024-1132

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects...

6.4AI Score

0.0004EPSS

2024-04-17 01:21 PM
110
cve
cve

CVE-2024-1459

A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and...

5.3CVSS

7.4AI Score

0.001EPSS

2024-02-12 09:15 PM
102
cve
cve

CVE-2023-47142

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: ...

8.8CVSS

6.6AI Score

0.0004EPSS

2024-02-02 02:15 PM
20
cve
cve

CVE-2023-47143

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting,...

9.8CVSS

6.5AI Score

0.001EPSS

2024-02-02 01:15 PM
18
cve
cve

CVE-2023-47144

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

6.1CVSS

6.2AI Score

0.0004EPSS

2024-02-02 01:15 PM
18
cve
cve

CVE-2023-6291

A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other...

6.8AI Score

0.001EPSS

2024-01-26 02:23 PM
148
cve
cve

CVE-2023-6837

Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: An IDP configured for federated authentication and JIT provisioning enabled with.....

8.2CVSS

7.6AI Score

0.001EPSS

2023-12-15 10:15 AM
15
cve
cve

CVE-2023-5379

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because...

7.1AI Score

0.001EPSS

2023-12-12 09:54 PM
135
cve
cve

CVE-2023-48322

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eDoc Intelligence eDoc Employee Job Application – Best WordPress Job Manager for Employees allows Reflected XSS.This issue affects eDoc Employee Job Application – Best WordPress Job Manager for...

6.1CVSS

7.4AI Score

0.0005EPSS

2023-11-30 12:15 PM
59
cve
cve

CVE-2023-33873

This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-11-15 05:15 PM
27
cve
cve

CVE-2023-34982

This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of...

7.1CVSS

7.3AI Score

0.0004EPSS

2023-11-15 05:15 PM
24
cve
cve

CVE-2023-45756

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spider Teams ApplyOnline – Application Form Builder and Manager plugin <= 2.5.2...

6.1CVSS

6.8AI Score

0.0005EPSS

2023-10-25 06:17 PM
10
cve
cve

CVE-2023-3440

Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management -...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-10-03 02:15 AM
38
cve
cve

CVE-2023-3223

A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to...

7.5CVSS

7.1AI Score

0.021EPSS

2023-09-27 03:18 PM
493
cve
cve

CVE-2022-4245

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML...

4.3CVSS

5AI Score

0.001EPSS

2023-09-25 08:15 PM
279
cve
cve

CVE-2022-4244

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be...

7.5CVSS

7.6AI Score

0.001EPSS

2023-09-25 08:15 PM
92
cve
cve

CVE-2023-1108

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never...

7.5CVSS

7AI Score

0.001EPSS

2023-09-14 03:15 PM
2511
cve
cve

CVE-2022-1415

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the...

8.8CVSS

8.6AI Score

0.001EPSS

2023-09-11 09:15 PM
80
cve
cve

CVE-2023-0025

SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired...

5.4CVSS

5.2AI Score

0.001EPSS

2023-02-14 04:15 AM
23
cve
cve

CVE-2023-0024

SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources, resulting in....

5.4CVSS

5.1AI Score

0.001EPSS

2023-02-14 04:15 AM
21
cve
cve

CVE-2021-40499

Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the...

9.8CVSS

9.4AI Score

0.005EPSS

2021-10-12 03:15 PM
25
cve
cve

CVE-2020-12525

M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project...

7.8CVSS

7.9AI Score

0.001EPSS

2021-01-22 07:15 PM
51
5
cve
cve

CVE-2020-11854

Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The...

9.8CVSS

9.6AI Score

0.255EPSS

2020-10-27 05:15 PM
68
2
cve
cve

CVE-2020-11853

Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40.....

8.8CVSS

8.9AI Score

0.829EPSS

2020-10-22 09:15 PM
100
4
cve
cve

CVE-2020-4575

IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 are vulnerable to cross-site scripting when High Availability Deployment Manager is...

6.1CVSS

6.2AI Score

0.001EPSS

2020-08-27 01:15 PM
26
2
cve
cve

CVE-2020-5414

VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are....

5.7CVSS

7.2AI Score

0.001EPSS

2020-07-31 08:15 PM
18
cve
cve

CVE-2020-4434

Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM...

7.5CVSS

7.6AI Score

0.001EPSS

2020-06-10 01:15 PM
21
cve
cve

CVE-2020-4433

Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker with intimate knowledge of the server to execute arbitrary code on the system with the privileges of root or cause server to crash. IBM X-Force...

7.5CVSS

7.6AI Score

0.005EPSS

2020-06-10 01:15 PM
29
cve
cve

CVE-2020-4435

Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID:...

7.5CVSS

7.6AI Score

0.001EPSS

2020-06-10 01:15 PM
23
cve
cve

CVE-2020-4436

Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code through a service. IBM X-Force ID:...

7.5CVSS

7.6AI Score

0.001EPSS

2020-06-10 01:15 PM
19
cve
cve

CVE-2020-4432

Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an attacker with intimate knowledge of the system to execute commands in a SOAP API. IBM X-Force ID:...

7.5CVSS

7.6AI Score

0.001EPSS

2020-06-10 01:15 PM
23
cve
cve

CVE-2020-2946

Vulnerability in the Application Performance Management product of Oracle Enterprise Manager (component: EM Request Monitoring). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP...

6CVSS

6.7AI Score

0.001EPSS

2020-04-15 02:15 PM
18
cve
cve

CVE-2020-2614

Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: APM Mesh). Supported versions that are affected are 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise...

6CVSS

6.8AI Score

0.001EPSS

2020-01-15 05:15 PM
29
cve
cve

CVE-2020-2673

Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Oracle Flow Builder). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via.....

7.5CVSS

7.3AI Score

0.003EPSS

2020-01-15 05:15 PM
26
2
cve
cve

CVE-2019-11280

Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can...

8.8CVSS

7.3AI Score

0.003EPSS

2019-09-20 07:15 PM
261
cve
cve

CVE-2019-8076

Adobe application manager installer version 10.0 have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current...

7.8CVSS

8.2AI Score

0.001EPSS

2019-09-12 07:15 PM
7741
cve
cve

CVE-2019-11276

Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x prior to 2.6.3, makes a request to the /cloudapplication endpoint via Spring actuator, and subsequent requests via unsecured http. An adjacent...

5.4CVSS

7.3AI Score

0.001EPSS

2019-08-19 03:15 PM
22
cve
cve

CVE-2019-2727

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). The supported version that is affected is 13.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

7.3CVSS

6.9AI Score

0.001EPSS

2019-07-23 11:15 PM
21
cve
cve

CVE-2019-1876

A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could...

5.3CVSS

7AI Score

0.001EPSS

2019-06-20 03:15 AM
168
cve
cve

CVE-2019-2557

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to....

6.3CVSS

5.4AI Score

0.004EPSS

2019-04-23 07:32 PM
27
cve
cve

CVE-2019-3777

Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL certs. A remote unauthenticated attacker that could hijack the Cloud Controller's DNS record could...

9.8CVSS

7.5AI Score

0.005EPSS

2019-03-07 06:29 PM
20
cve
cve

CVE-2018-1675

IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could expose password hashes in stored in system memory on target systems that are configured to use TADDM. IBM X-Force ID:...

7.5CVSS

7AI Score

0.001EPSS

2019-02-04 09:29 PM
23
cve
cve

CVE-2018-3304

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated...

6.5CVSS

5.7AI Score

0.001EPSS

2019-01-16 07:29 PM
22
cve
cve

CVE-2018-3305

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows low privileged attacker....

6.3CVSS

5.6AI Score

0.001EPSS

2019-01-16 07:29 PM
22
cve
cve

CVE-2018-11088

Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF....

8.8CVSS

7.8AI Score

0.001EPSS

2018-09-17 04:29 PM
18
cve
cve

CVE-2018-1455

IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID:...

8.8CVSS

8.2AI Score

0.002EPSS

2018-08-15 03:29 PM
22
cve
cve

CVE-2018-11044

Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. A malicious authenticated user can inject content...

6.5CVSS

7.1AI Score

0.001EPSS

2018-07-24 07:29 PM
18
cve
cve

CVE-2018-1278

Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any org for which the org GUID can be discovered....

6.5CVSS

7AI Score

0.001EPSS

2018-05-11 08:29 PM
22
Total number of security vulnerabilities56