Lucene search
K

44 matches found

Wallarm Lab
Wallarm Lab
added 2023/03/09 1:10 p.m.168 views

Predictions for 2023 from Latest API Threat Research | API Security Newsletter

March has arrived and is roaring like a very confused lion, at least in the northern hemisphere. And much like in the wild, brood production is increasing. Weve already seen some fruits of that labor, such as the Q4-2022 and 2022 Year-End ThreatStats™ Report, and some very tasty product upgrades...

6.8CVSS10AI score0.98124EPSS
Exploits48
Veracode
Veracode
added 2022/11/02 7:20 a.m.21 views

Cross-site Scripting (XSS)

github.com/eolinker/apinto-dashboard is vulnerable to cross-site scriptingXSS attacks. A remote authenticated attacker is able to inject and execute malicious JavaScript on the victim's machine due to insufficient checks in /api/discoveries/ file...

6.1CVSS6.1AI score0.00552EPSS
Exploits1References4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/18 8:55 p.m.18 views

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty shipped with IBM WebSphere Application Server Patterns are vulnerable to Clickjacking (CVE-2021-39038)

Summary IBM WebSphere Application Server is vulnerable to clickjacking when REST API discovery is configured through the WebSphere administrative console Web Container settings to enable the API Discovery service, or through IBM WebSphere Application Server Liberty features mpOpenAPI-1.0,...

5.4CVSS5.8AI score0.00689EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/07 12:33 p.m.18 views

Security Bulletin: WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to Clickjacking (CVE-2021-39038)

Summary IBM WebSphere Application Server is vulnerable to clickjacking when REST API discovery is configured through the WebSphere administrative console Web Container settings to enable the API Discovery service, or through IBM WebSphere Application Server Liberty features mpOpenAPI-1.0,...

5.4CVSS5.7AI score0.00689EPSS
Exploits0Affected Software1
Ivan 'd0znpp' Novikov
Ivan 'd0znpp' Novikov
added 2021/11/08 3:57 p.m.16 views

Discovering shadow APIs with a API firewall

Shadow APIs can be defined as active endpoints that you are not aware of. Some APIs are deployed but never documented. Others are services that don’t have an owner anymore. Some are even old v2 versions that have been deprecated for years, yet still exposed. Long story short: these APIs are not...

7.1AI score
Exploits0
Prion
Prion
added 2021/10/07 9:15 p.m.14 views

Design/Logic Flaw

An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API...

4CVSS5.1AI score0.00853EPSS
Exploits0References1Affected Software1
Wallarm Lab
Wallarm Lab
added 2021/04/06 6:27 p.m.54 views

Wallarm API Discovery: Discover API endpoints automatically and secure them

What do you know about your APIs? Why are the vulnerable v2 and v3 still exposed if they are deprecated for almost a year? What else is exposed and you don’t even know? Are Swagger specs up to date? Teaser: Surely not. A lot of questions, right? Meet Wallarm’s latest feature for API Discovery and...

0.3AI score
Exploits0
Akamai Blog
Akamai Blog
added 2020/10/19 5:0 p.m.17 views

Akamai Named Gartner Magic Quadrant Leader for Fourth Consecutive Year

Gartner published its 2020 Magic Quadrant for Web Application Firewalls WAFi and named Akamai a Leader for the fourth consecutive year. Gartner's high distinction is market recognition of our completeness of vision and ability to execute. This graphic was published by Gartner, Inc. as part of a...

Exploits0
Akamai Blog
Akamai Blog
added 2020/10/13 10:0 p.m.54 views

What's New in Web Security

With Akamai's web security portfolio, the top focus this October is on the web application firewall WAF, with exciting new capabilities: API Discovery and Adaptive Security Profiles. Along with the rest of the industry, Akamai has observed a long-term shift in the applications that we're...

0.1AI score
Exploits0
Akamai Blog
Akamai Blog
added 2020/10/13 10:0 p.m.52 views

API Discovery and Profiling -- Visibility to Protection

APIs have become a dominant mechanism in the modern web, allowing organizations to create powerful web and mobile experiences, while exposing back-end data and logic to create new and innovative offerings. Protecting internet-facing APIs -- an emerging practice over the past few years -- is the...

0.4AI score
Exploits0
Akamai Blog
Akamai Blog
added 2020/10/13 4:0 a.m.14 views

What's New in Web Security

With Akamai's web security portfolio, the top focus this October is on the web application firewall WAF, with exciting new capabilities: API Discovery and Adaptive Security Profiles...

1.4AI score
Exploits0
CVE
CVE
added 2020/06/19 1:14 p.m.52 views

CVE-2020-14458

Mattermost Server before 5.19.0 is affected. The issue allows attackers to discover private channels through the get channel by name API (MMSA-2020-0004), an information-disclosure vulnerability. Affected product is Mattermost Server; vulnerable component is the get channel by name API endpoint. ...

7.5CVSS7.5AI score0.01143EPSS
Exploits0References1Affected Software1
Qualys Blog
Qualys Blog
added 2018/11/17 12:11 a.m.69 views

QSC18: API Security, Enabling Innovation Without Enabling Attacks and Data Breaches

Without APIs, it would be near impossible to see enterprises being able to digitally transform themselves. After all, APIs are the connective-tissue between applications and systems and they make the management, automation and consumption of technology possible at scale. APIs are what enable...

7.8AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:5 a.m.20 views

Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Applciation Server bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud

Summary There is a potential information disclosure vulnerability in Admin Center for IBM WebSphere Application Server Liberty. There is a potential for weaker than expected security when using the WebSphere Application Server Liberty profile API Discovery feature and Swagger documents. There is ...

7.5CVSS1.9AI score0.1326EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:5 a.m.29 views

Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix

Summary There is an XML External Entity Injection XXE vulnerability in the Apache Standard Taglibs that affects IBM WebSphere Application Server. There is an information disclosure vulnerability in IBM WebSphere Application Server Liberty for any users of the JAX-RS API. There is a potential for...

10CVSS1AI score0.89058EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:5 a.m.23 views

Security Bulletin: WebSphere Application Server Liberty API Discovery feature has potential vulnerability (CVE-2016-2945)

Summary There is a potential for weaker than expected security when using the WebSphere Application Server Liberty profile API Discovery feature and Swagger documents. Vulnerability Details CVEID: CVE-2016-2945 DESCRIPTION: IBM WebSphere Application Server Liberty Profile using the API Discovery...

7.5CVSS7.2AI score0.0185EPSS
Exploits0Affected Software1
Hacker One
Hacker One
added 2017/04/02 5:31 p.m.56 views

RubyGems: Request Hijacking Vulnerability in RubyGems 2.6.11 and earlier

Description: The RubyGems client supports a gem server API discovery functionality, which is used when pushing or pulling gems to a gem distribution/hosting server, like RubyGems.org. This functionality is provided via a SRV DNS request to the users gem source hostname prepended with...

6.8CVSS0.2AI score0.08934EPSS
Exploits1
NVD
NVD
added 2016/07/08 1:59 a.m.18 views

CVE-2016-2945

The API Discovery implementation in IBM WebSphere Application Server WAS 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an external reference in a Swagger document...

7.5CVSS7.4AI score0.0185EPSS
Exploits0References3
OSV
OSV
added 2016/07/08 1:59 a.m.1 views

CVE-2016-2945

The API Discovery implementation in IBM WebSphere Application Server WAS 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an external reference in a Swagger document...

7.5CVSS7.3AI score0.0185EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2016/07/08 1:59 a.m.3 views

CVE-2016-2945

The API Discovery implementation in IBM WebSphere Application Server WAS 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an external reference in a Swagger document...

7.5CVSS5.6AI score0.0185EPSS
Exploits0References4
Rows per page
Query Builder