Lucene search
+L

198 matches found

prion
prion
added 2023/07/11 3:15 a.m.20 views

Authentication flaw

SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, perfor...

6.5CVSS7.6AI score0.00392EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2023/07/11 12:0 a.m.5 views

SAP NetWeaver Process Integration 访问控制错误漏洞

SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between the internal system and the external. An access control error...

6.5CVSS6.6AI score0.00575EPSS
Exploits0References3
nvd
nvd
added 2023/06/07 2:15 a.m.28 views

CVE-2020-36720

The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the updateoption lacking proper authentication checks. This makes it possible for any authenticated attacker to change or delete the plugin's settings...

7.1CVSS6.8AI score0.00793EPSS
Exploits1References3
cnnvd
cnnvd
added 2023/06/07 12:0 a.m.8 views

WordPress Plugin Kali Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

7.1CVSS7.1AI score0.00793EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2023/06/07 12:0 a.m.7 views

PT-2023-11862 · WordPress · Kali Forms

Name of the Vulnerable Software and Affected Versions: Kali Forms plugin for WordPress versions up to, and including, 2.1.1 Description: The issue arises from the update option lacking proper authentication checks, allowing any authenticated attacker to change or delete the plugin's settings. Thi...

7.1CVSS6.9AI score0.00793EPSS
Exploits1References5
osv
osv
added 2023/05/31 2:15 p.m.7 views

CVE-2023-34228

In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions...

6.5CVSS6.6AI score0.004EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2023/05/31 12:0 a.m.6 views

PT-2023-24753 · Jetbrains · Teamcity

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2023.05 Description: The issue concerns missing authentication checks in JetBrains TeamCity, where two-factor authentication 2FA was not properly verified for certain sensitive account actions...

6.5CVSS6.5AI score0.004EPSS
Exploits0References4
cnvd
cnvd
added 2023/03/16 12:0 a.m.27 views

SAP NetWeaver AS Java Access Control Error Vulnerability

SAP NetWeaver AS Java is a German SAP SAP company provides a Java runtime environment for the application server. The product is mainly used to develop and run Java EE applications. An access control error vulnerability exists in SAP NetWeaver AS Java version 7.50, which stems from the fact that ...

6.1AI score0.00578EPSS
Exploits0Affected Software1
vulnrichment
vulnrichment
added 2023/03/14 4:56 a.m.8 views

CVE-2023-26460 Improper Access Control in SAP NetWeaver AS Java (Cache Management Service)

Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity...

5.3CVSS5.5AI score0.00476EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/03/14 12:0 a.m.7 views

PT-2023-20653 · Sap · Sap Netweaver Application Server Java

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server for Java version 7.50 Description: The Cache Management Service in SAP NetWeaver Application Server for Java does not perform authentication checks for functionalities that require user identity...

5.3CVSS5.3AI score0.00476EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2023/03/14 12:0 a.m.15 views

PT-2023-19674 · Sap · Sap Netweaver Application Server Java

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server Java for Classload Service version 7.50 Description: The issue results in escalation of privileges due to the lack of authentication checks for functionalities that require user identity. This has a low impact...

5.3CVSS5.4AI score0.00578EPSS
Exploits0References4
cvelist
cvelist
added 2022/12/28 7:0 a.m.41 views

CVE-2022-46179 LiuOS vulnerable to Authorization Bypass through User-Controlled Key

LiuOS is a small Python project meant to imitate the functions of a regular operating system. Version 0.1.0 and prior of LiuOS allow an attacker to set the GITHUBACTIONS environment variable to anything other than null or true and skip authentication checks. This issue is patched in the latest...

9.2CVSS9.4AI score0.00331EPSS
Exploits1References2
nvd
nvd
added 2022/11/04 6:15 p.m.20 views

CVE-2022-20942

A vulnerability in the web-based management interface of Cisco Email Security Appliance ESA, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance WSA, could allow an authenticated, remote attacker to retrieve sensitive information from...

6.5CVSS0.00891EPSS
Exploits0References1
cvelist
cvelist
added 2022/09/26 1:55 p.m.24 views

CVE-2022-39245 Mist vulnerable to user providing a Sudo binary for authentication checks

Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided sudo binary via the PATH variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known...

8.4CVSS8.6AI score0.00226EPSS
Exploits0References3
nvd
nvd
added 2022/07/25 5:15 p.m.18 views

CVE-2022-24083

Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks...

9.8CVSS0.00783EPSS
Exploits0References1
cnnvd
cnnvd
added 2022/07/25 12:0 a.m.17 views

Pegasystem Pega 安全漏洞

Pegasystem Pega is a Java-based business process management tool from the U.S. company Pegasystem. It is used to build enterprise applications. A security vulnerability exists in Pegasystem Pega that stems from a password authentication bypass vulnerability in local accounts that can be used to...

9.8CVSS8.3AI score0.00783EPSS
Exploits0References2
cnvd
cnvd
added 2022/06/28 12:0 a.m.53 views

MELAG FTP Server Authentication Error Vulnerability

MELAG FTP Server is an FTP server from the German company MELAG. version 2.2.0.4 of MELAG FTP Server is vulnerable to an authentication error, which stems from incomplete authentication checks. A remote attacker could exploit the vulnerability to access local files with a valid username...

7.5CVSS3.9AI score0.01615EPSS
Exploits1References1
ibm
ibm
added 2022/05/12 7:51 p.m.27 views

Security Bulletin: IBM MQ for HP NonStop Server is affected by vulnerability CVE-2022-22316

Summary An issue within MQ can allow required authorization checks to be omitted when applications are working with clustered queues. The issue is described by CVE-2022-22316. Vulnerability Details CVEID: CVE-2022-22316 DESCRIPTION: IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated...

6.5CVSS1.8AI score0.00945EPSS
Exploits0Affected Software1
cnnvd
cnnvd
added 2022/04/12 12:0 a.m.4 views

SAP NetWeaver Application Server 安全漏洞

SAP NetWeaver Application Server is an application server from SAP Germany. SAP NetWeaver Application Server elevation of privilege vulnerability, which stems from a lack of authentication checks in the XML data archiving service, can be exploited by an attacker to cause an elevation of privilege...

7.5CVSS7.8AI score0.00962EPSS
Exploits0References4
cnvd
cnvd
added 2022/03/17 12:0 a.m.49 views

Bareos Access Control Error Vulnerability

Bareos is a suite of open source data backup storage and recovery software from Bareos, a German company. Bareos suffers from an access control error vulnerability that stems from the fact that the affected product will completely skip authorization checks when built and configured for PAM...

9.8CVSS2.8AI score0.01996EPSS
Exploits1References1
Rows per page
Query Builder