198 matches found
Authentication flaw
SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, perfor...
SAP NetWeaver Process Integration 访问控制错误漏洞
SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between the internal system and the external. An access control error...
CVE-2020-36720
The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the updateoption lacking proper authentication checks. This makes it possible for any authenticated attacker to change or delete the plugin's settings...
WordPress Plugin Kali Forms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2023-11862 · WordPress · Kali Forms
Name of the Vulnerable Software and Affected Versions: Kali Forms plugin for WordPress versions up to, and including, 2.1.1 Description: The issue arises from the update option lacking proper authentication checks, allowing any authenticated attacker to change or delete the plugin's settings. Thi...
CVE-2023-34228
In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions...
PT-2023-24753 · Jetbrains · Teamcity
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2023.05 Description: The issue concerns missing authentication checks in JetBrains TeamCity, where two-factor authentication 2FA was not properly verified for certain sensitive account actions...
SAP NetWeaver AS Java Access Control Error Vulnerability
SAP NetWeaver AS Java is a German SAP SAP company provides a Java runtime environment for the application server. The product is mainly used to develop and run Java EE applications. An access control error vulnerability exists in SAP NetWeaver AS Java version 7.50, which stems from the fact that ...
CVE-2023-26460 Improper Access Control in SAP NetWeaver AS Java (Cache Management Service)
Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity...
PT-2023-20653 · Sap · Sap Netweaver Application Server Java
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server for Java version 7.50 Description: The Cache Management Service in SAP NetWeaver Application Server for Java does not perform authentication checks for functionalities that require user identity...
PT-2023-19674 · Sap · Sap Netweaver Application Server Java
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server Java for Classload Service version 7.50 Description: The issue results in escalation of privileges due to the lack of authentication checks for functionalities that require user identity. This has a low impact...
CVE-2022-46179 LiuOS vulnerable to Authorization Bypass through User-Controlled Key
LiuOS is a small Python project meant to imitate the functions of a regular operating system. Version 0.1.0 and prior of LiuOS allow an attacker to set the GITHUBACTIONS environment variable to anything other than null or true and skip authentication checks. This issue is patched in the latest...
CVE-2022-20942
A vulnerability in the web-based management interface of Cisco Email Security Appliance ESA, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance WSA, could allow an authenticated, remote attacker to retrieve sensitive information from...
CVE-2022-39245 Mist vulnerable to user providing a Sudo binary for authentication checks
Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided sudo binary via the PATH variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known...
CVE-2022-24083
Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks...
Pegasystem Pega 安全漏洞
Pegasystem Pega is a Java-based business process management tool from the U.S. company Pegasystem. It is used to build enterprise applications. A security vulnerability exists in Pegasystem Pega that stems from a password authentication bypass vulnerability in local accounts that can be used to...
MELAG FTP Server Authentication Error Vulnerability
MELAG FTP Server is an FTP server from the German company MELAG. version 2.2.0.4 of MELAG FTP Server is vulnerable to an authentication error, which stems from incomplete authentication checks. A remote attacker could exploit the vulnerability to access local files with a valid username...
Security Bulletin: IBM MQ for HP NonStop Server is affected by vulnerability CVE-2022-22316
Summary An issue within MQ can allow required authorization checks to be omitted when applications are working with clustered queues. The issue is described by CVE-2022-22316. Vulnerability Details CVEID: CVE-2022-22316 DESCRIPTION: IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated...
SAP NetWeaver Application Server 安全漏洞
SAP NetWeaver Application Server is an application server from SAP Germany. SAP NetWeaver Application Server elevation of privilege vulnerability, which stems from a lack of authentication checks in the XML data archiving service, can be exploited by an attacker to cause an elevation of privilege...
Bareos Access Control Error Vulnerability
Bareos is a suite of open source data backup storage and recovery software from Bareos, a German company. Bareos suffers from an access control error vulnerability that stems from the fact that the affected product will completely skip authorization checks when built and configured for PAM...