EUVD-2023-0494
Malicious code in bioql PyPI...
CVE-2023-28640
Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client...
CVE-2022-47551
Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before...
io.apiman:apiman-distro-db (>=1.1.2.Final <=1.2.6.Beta3), io.apiman:apiman-distro-db-es (>=1.1.2.Final <=1.2.6.Beta3) +23 more potentially affected by CVE-2023-28640 via io.apiman:apiman-manager-api-rest-impl (>=1.1.2.Final <=3.0.0.RC6)
io.apiman:apiman-manager-api-rest-impl MAVEN version =1.1.2.Final, =1.1.2.Final, =1.1.2.Final, =1.1.6.Final, =1.2.2.Final, =1.2.2.Final, =1.2.2.Final, =1.1.2.Final, =1.2.1.Final, =1.1.5.Final, =1.1.2.Final, =1.2.2.Final, =1.1.2.Final, =1.1.2.Final, =1.1.2.Final, =1.1.2.Final, =1.2.0.Final and mor...
Apiman vulnerable to permissions bypass due to missing check on API key URL
Impact Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL. The URL includes Organisation ID, Client ID, and Client Version of the targeted non-permitted...
GHSA-M6F8-HJRV-MW5F Apiman vulnerable to permissions bypass due to missing check on API key URL
Impact Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL. The URL includes Organisation ID, Client ID, and Client Version of the targeted non-permitted...
Design/Logic Flaw
Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client...
CVE-2023-28640
Summary: CVE-2023-28640 affects Apiman. A missing permissions check allowed an authenticated Apiman Manager user to access API keys they should not have permission for by guessing a URL that includes Organisation ID, Client ID, and Client Version. This is not trivial but possible via brute-forcing or gue...
CVE-2023-28640 Permissions bypass in Apiman could enable authenticated attacker to unpermitted API Key
Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client...
Apiman security vulnerability
Apiman is a flexible open source API management platform for enterprise users. A security vulnerability exists in versions prior to Apiman 3.1.0.Final that stems from a lack of permission checking. Attackers exploiting the vulnerability were able to access API keys to which the...
PT-2023-21868 · Apiman · Apiman
Name of the Vulnerable Software and Affected Versions: Apiman versions prior to 3.1.0.Final Description: Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may gain access to API keys they do not have permission for if they correctly guess the URL, which...
GHSA-Q95J-488Q-5Q3P Apiman Manager API affected by Jackson denial of service vulnerability
Impact Due to a vulnerability in jackson-databind = 2.12.6.0, an authenticated attacker could craft an Apiman policy configuration which, when saved, may cause a denial of service on the Apiman Manager API. This does not affect the Apiman Gateway. Patches Upgrade to Apiman 3.0.0.Final or later. I...
Apiman Manager API affected by Jackson denial of service vulnerability
Impact Due to a vulnerability in jackson-databind = 2.12.6.0, an authenticated attacker could craft an Apiman policy configuration which, when saved, may cause a denial of service on the Apiman Manager API. This does not affect the Apiman Gateway. Patches Upgrade to Apiman 3.0.0.Final or later. I...
Apiman has potential permissions bypass
Impact Incorrect default permissions for certain read-only resources in Apiman 1.5.7.Final through 2.2.3.Final in the Apiman Manager REST API allow a remote authenticated attacker to access information and resources in Apiman Organizations they are not a member of and/or do not have...
io.apiman:apiman-manager-api-micro (>=1.5.7.Final <=2.2.3.Final), io.apiman:apiman-manager-api-war (>=1.5.7.Final <=2.0.0.Final) +3 more potentially affected by CVE-2022-47551 via io.apiman:apiman-manager-api-rest-impl (>=1.5.7.Final <=2.2.3.Final)
io.apiman:apiman-manager-api-rest-impl MAVEN version =1.5.7.Final, =1.5.7.Final, =1.5.7.Final, =1.5.7.Final, =1.5.7.Final, =1.5.7.Final, =2.2.3.Final Source cves: CVE-2022-47551 Source advisory: OSV:GHSA-J94P-HV25-RM5G...
GHSA-J94P-HV25-RM5G Apiman has potential permissions bypass
Impact Incorrect default permissions for certain read-only resources in Apiman 1.5.7.Final through 2.2.3.Final in the Apiman Manager REST API allow a remote authenticated attacker to access information and resources in Apiman Organizations they are not a member of and/or do not have...
GHSA-Q2FJ-6H62-59M2 Apiman Vert.x Gateway has Transitive Hazelcast connection caching issue
Impact If you are using the Apiman Vert.x Gateway prior to Apiman 3.0.0.Final, a connection caching issue in Hazelcast could allow an unauthenticated, remote attacker to access and manipulate data in the cluster with another authenticated connection's identity. Hazelcast is a transitive dependenc...