424 matches found

RedhatCVE
added 2022/10/19 3:47 p.m. · 30 views

CVE-2022-33681

A flaw was found in the Apache Pulsar Java Client. This flaw allows an attacker to use a Man-in-the-Middle (MITM) attack, manipulating network traffic and gaining the client's authentication data...

CVSS 5.9 · AI score 3.9 · EPSS 0.00564
Exploits 0 · References 3
OSV
added 2022/09/25 12:00 a.m. · 4 views

GHSA-C5FP-X2H5-VJV7 Apache Pulsar Java Client vulnerable to Improper Certificate Validation

Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication...

CVSS 5.9 · AI score 5.9 · EPSS 0.00564
Exploits 0 · References 3
Github Security Blog
added 2022/09/25 12:00 a.m. · 19 views

Apache Pulsar Java Client vulnerable to Improper Certificate Validation

Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication...

CVSS 5.9 · AI score 6 · EPSS 0.00564
Exploits 0 · References 3 · Affected Software 1
Prion
added 2022/09/23 10:15 a.m. · 22 views

Authentication flaw

Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Client that does not verify peer TLS certificates, even when tlsAllowInsecureConnection is disabled via configuration. The Pulsar Admin Client's intra-cluster and geo-replication HTTPS connections are vulnerable to man in the middl...

CVSS 2.6 · AI score 5.7 · EPSS 0.00552
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2022/09/23 9:25 a.m. · 4 views

CVE-2022-33681 Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM

Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication...

AI score 5.9 · EPSS 0.00564
Exploits 0 · References 1
Cvelist
added 2022/09/23 9:25 a.m. · 16 views

CVE-2022-33681 Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM

Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication...

AI score 6.2 · EPSS 0.00564
Exploits 0 · References 1
CNNVD
added 2022/09/23 12:00 a.m. · 4 views

Apache Pulsar Trust Management Issue Vulnerability

Apache Pulsar is a distributed messaging and streaming platform from the Apache Software Foundation (United States), built for cloud environments and combining messaging, storage, and lightweight function computing in one system. The software supports multi-tenancy, persistent storage, multi-machine room cross-region data replication...

CVSS 5.9 · AI score 6.9 · EPSS 0.00564
Exploits 0 · References 2
Positive Technologies
added 2022/09/23 12:00 a.m. · 5 views

PT-2022-21797 · Apache · Apache Pulsar Java Client

Name of the Vulnerable Software and Affected Versions: Apache Pulsar Java Client versions 2.6.4 and earlier Apache Pulsar Java Client versions 2.7.0 through 2.7.4 Apache Pulsar Java Client versions 2.8.0 through 2.8.3 Apache Pulsar Java Client versions 2.9.0 through 2.9.2 Apache Pulsar Java Clien...

CVSS 5.9 · AI score 5.7 · EPSS 0.00564
Exploits 0 · References 7
CNNVD
added 2022/09/14 12:00 a.m. · 3 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager (AEM) is a content management solution from Adobe that can be used to build websites, mobile applications and forms. Adobe Experience Manager has a cross-site scripting vulnerability that could be exploited by attackers to steal a victim's cookie-based authentication...

CVSS 5.4 · AI score 6.3 · EPSS 0.0051
Exploits 0 · References 3
IBM Security Bulletins
added 2022/09/08 12:26 a.m. · 80 views

Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.35

Summary: Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.35, IBM WebSphere Application Server Hypervisor 7.0.0.35 and IBM HTTP Server 7.0.0.35. Vulnerability Details: CVE ID: CVE-2014-3021, APAR PI08268. DESCRIPTION: IBM WebSphere Application Server cou...

CVSS 6.8 · AI score 6.4 · EPSS 0.85744
Exploits 7 · Affected Software 3
ThreatPost
added 2022/07/19 3:33 p.m. · 42 views

Authentication Risks Discovered in Okta Platform

Researchers at Authomize have discovered four "high impact" security risks in the identity and access management (IAM) platform Okta, according to a Tuesday report. The risks include cleartext password leakage via SCIM (the System for Cross-domain Identity Management), sharing of passwords and oth...

AI score 7.4
Exploits 0 · References 2
ATTACKERKB
added 2022/06/02 2:15 p.m. · 3 views

CVE-2022-27776

An insufficiently protected credentials vulnerability, fixed in curl 7.83.0, might leak authentication or cookie header data on HTTP redirects to the same host but another port number...

CVSS 6.5 · AI score 5.9 · EPSS 0.03425
Exploits 1 · References 10
OSV
added 2022/05/24 7:02 p.m. · 11 views

GHSA-P9RV-QGQW-JX2W MongoDB C# Driver Risk of Exposing Authentication Data via Command Listener

Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when commands such as "saslStart", "saslContinue", "isMaster", "createUser",...

CVSS 4.9 · AI score 4.8 · EPSS 0.00623
Exploits 0 · References 3
Redos
added 2022/05/16 12:00 a.m. · 5 views

ROS-20220516-30

A vulnerability in the cURL command line utility is related to OAUTH2 connection reuse errors for SASL-enabled protocols such as SMTPS, IMAPS, POP3S, and LDAPS (OpenLDAP only). Exploitation of the vulnerability could allow an attacker acting remotely to reuse the OAUTH2 authenticated connections...

CVSS 8.1 · AI score 7.3 · EPSS 0.03425
Exploits 4
CNNVD
added 2022/03/31 12:00 a.m. · 2 views

Jupyter Notebook Log Information Disclosure Vulnerability

Jupyter Notebook is a suite of open source web applications for creating and sharing code and illustrative text documents. A log information disclosure vulnerability exists in Jupyter Notebook versions prior to 6.4.9, which stems from an unauthorized participant being able to access sensitive...

CVSS 7.5 · AI score 6.7 · EPSS 0.01054
Exploits 0 · References 4
Positive Technologies
added 2022/02/25 12:00 a.m. · 4 views

PT-2022-3565 · Jetbrains · Jetbrains Hub

Name of the Vulnerable Software and Affected Versions: JetBrains Hub versions prior to 2022.1.14434. Description: The issue is related to insufficient authentication data verification in JetBrains Hub, allowing a remote attacker to exploit the vulnerability and gain access to confidential data,...

CVSS 10 · AI score 9.3 · EPSS 0.01418
Exploits 1 · References 11
ATTACKERKB
added 2022/01/21 7:15 p.m. · 3 views

CVE-2022-23129

Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attacker to gain authentication information and to access the database illegally. This is because when...

CVSS 5.5 · AI score 6.1 · EPSS 0.00186
Exploits 0 · References 4
OSV
added 2022/01/21 7:15 p.m. · 4 views

CVE-2022-23129

Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attacker to gain authentication information and to access the database illegally. This is because when...

CVSS 5.5 · AI score 6.1 · EPSS 0.00186
Exploits 0 · References 3
ATTACKERKB
added 2022/01/21 7:15 p.m. · 5 views

CVE-2022-23127

Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of an MC Works64 or MobileHMI and perform any operation using the...

CVSS 6.1 · AI score 5.8 · EPSS 0.01614
Exploits 0 · References 4
OSV
added 2022/01/21 7:15 p.m. · 5 views

CVE-2022-23127

Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of an MC Works64 or MobileHMI and perform any operation using the...

CVSS 6.1 · AI score 5.8 · EPSS 0.01614
Exploits 0 · References 3