5 matches found
CVE-2024-31873 IBM Security Verify Access Appliance information disclosure
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317...
PT-2024-24261 · Ibm · Ibm Security Verify Access Appliance
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Access Appliance versions 10.0.0 through 10.0.7 Description: The issue concerns hard-coded credentials used by the appliance for its own inbound authentication, which could be obtained by a malicious actor. Recommendations...
Security Bulletin: IBM Security Verify Access is vulnerable to a specially crafted HTTP request
Summary IBM Security Verify Access Appliance/Container and IBM Application Gateway are vulnerable to information disclosure or denial of service due to a specially crafted HTTP request. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details...
UBUNTU-CVE-2023-35924
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.8 has a patch for this issue. As a...
PT-2023-4275 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions 10.0.0 through 10.0.7 Description: The issue is related to a SQL injection attack that can be driven through the GLPI inventory endpoint, which by default requires no authentication. This allows a remote attacker to execute...