Lucene search
K

5 matches found

Vulnrichment
Vulnrichment
added 2024/04/10 3:58 p.m.30 views

CVE-2024-31873 IBM Security Verify Access Appliance information disclosure

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317...

7.5CVSS6.7AI score0.01197EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/04/10 12:0 a.m.4 views

PT-2024-24261 · Ibm · Ibm Security Verify Access Appliance

Name of the Vulnerable Software and Affected Versions: IBM Security Verify Access Appliance versions 10.0.0 through 10.0.7 Description: The issue concerns hard-coded credentials used by the appliance for its own inbound authentication, which could be obtained by a malicious actor. Recommendations...

7.5CVSS9.4AI score0.01197EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/03 11:51 p.m.38 views

Security Bulletin: IBM Security Verify Access is vulnerable to a specially crafted HTTP request

Summary IBM Security Verify Access Appliance/Container and IBM Application Gateway are vulnerable to information disclosure or denial of service due to a specially crafted HTTP request. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details...

10CVSS8.6AI score0.00815EPSS
Exploits0Affected Software2
OSV
OSV
added 2023/07/05 8:15 p.m.7 views

UBUNTU-CVE-2023-35924

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.8 has a patch for this issue. As a...

9.8CVSS5.9AI score0.52381EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/07/05 12:0 a.m.5 views

PT-2023-4275 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions 10.0.0 through 10.0.7 Description: The issue is related to a SQL injection attack that can be driven through the GLPI inventory endpoint, which by default requires no authentication. This allows a remote attacker to execute...

10CVSS7.9AI score0.99628EPSS
Exploits27References160
Rows per page
Query Builder