ProLion CryptoSpike Security Vulnerability
ProLion CryptoSpike is ProLion's solution for detecting and combating suspicious activity. A security vulnerability exists in ProLion CryptoSpike version 3.0.15P2, which stems from a flaw that allows a remotely blocked user to log in and obtain an authentication token by specifying a...
CVE-2023-36655
The login REST API in ProLion CryptoSpike 3.0.15P2 when LDAP or Active Directory is used as the users store allows a remote blocked user to login and obtain an authentication token by specifying a username with different uppercase/lowercase character combination...
RHEL 9 : grafana (RHSA-2023:6420)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6420 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana:...
Rocky Linux 9 : pcs (RLSA-2022:6313)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:6313 advisory. - A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS...
ASUS RT-AX55 Security Breach
The ASUS RT-AX55 is a dual-band Wi-Fi router from Asus China. A security vulnerability exists in the ASUS RT-AX55, which originates from an insufficient special character filtering in the check token module of authentication-related functions. The vulnerability can be exploited to cause command...
CVE-2023-4939 SALESmanago <= 3.2.4 - Log Injection via Weak Authentication Token
The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. This is due to the use of a weak authentication token for the /wp-json/salesmanago/v1/callbackApiV3 API endpoint which is simply a SHA1 hash of the site URL and client ID found in the page...
The vulnerability of the application-specific SAML interface of the Cisco Catalyst SD-WAN Manager centralized network management system allows a perpetrator to gain access to the application.
The vulnerability of the application software interface for the Single Sign-On module of the Cisco Catalyst SD-WAN Manager centralized network management system is related to errors during authentication procedures. Exploiting this vulnerability could allow a malicious actor to gain access to the...
CVE-2023-43652 Non-MFA account takeover via using only SSH public key to login in jumpserver
JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key should be considered public knowledge and should not be used ...
Cisco Catalyst SD-WAN Manager Authorization Issue Vulnerability
Cisco vManage is a highly customizable control panel that simplifies and automates Cisco SD-WAN deployment, configuration, management and operations. An unauthorized access vulnerability exists in Cisco Catalyst SD-WAN Manager in versions 20.9.3.2 and 20.11.1.2. The vulnerability is due to failur...
CVE-2023-40343
Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token...
PT-2023-27401 · Jenkins · Jenkins Tuleap Authentication Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Tuleap Authentication Plugin versions 1.1.20 and earlier Description: The issue concerns a non-constant time comparison function used when validating an authentication token, allowing attackers to potentially use statistical methods t...
Security Bulletin: An unauthorized attacker who has obtained an IBM Watson IoT Platform security authentication token can use it to impersonate an authorized platform user (CVE-2023-38372)
Summary Guidance on best practices to mitigate or avoid compromise in case an unauthorized attacker obtains an IBM Watson IoT Platform security authentication token CVE-2023-38372. Vulnerability Details CVEID:CVE-2023-38372 DESCRIPTION: IBM Watson IoT Platform contains a vulnerability that could...
CVE-2023-36000
A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. Al...
CVE-2023-35998
A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before...
CVE-2023-36000 ITM Server Missing Authorization for Agent Config
A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. Al...
CVE-2023-35998 ITM Server Missing Authorization in SOAP Endpoints
A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before...