Lucene search
K

142 matches found

NVD
NVD
added 2025/05/22 5:15 p.m.18 views

CVE-2025-33137

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security...

8.8CVSS0.00287EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/22 4:36 p.m.11 views

CVE-2025-33137 IBM Aspera Faspex data modification

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security...

7.1CVSS6.6AI score0.00287EPSS
Exploits0References1
CVE
CVE
added 2025/05/22 4:36 p.m.68 views

CVE-2025-33137

Affected product: IBM Aspera Faspex 5 (versions 5.0.0–5.0.12). Vulnerability cause: client-side enforcement of server-side security enables an authenticated user to access sensitive information or perform actions on behalf of another user. Impact: potential disclosure of sensitive data and unauth...

8.8CVSS6.6AI score0.00287EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/13 2:10 a.m.22 views

CVE-2025-4527

A security flaw has been discovered in Dígitro NGC Explorer up to 3.44.15/3.48.21. The impacted element is an unknown function of the component Password Transmission Handler. Performing a manipulation results in client-side enforcement of server-side security. The attack can be initiated remotely...

6.3CVSS5.1AI score0.00446EPSS
Exploits0References1
NVD
NVD
added 2025/05/11 3:15 a.m.12 views

CVE-2025-4527

A security flaw has been discovered in Dígitro NGC Explorer up to 3.44.15/3.48.21. The impacted element is an unknown function of the component Password Transmission Handler. Performing a manipulation results in client-side enforcement of server-side security. The attack can be initiated remotely...

6.3CVSS0.00446EPSS
Exploits0References5
CVE
CVE
added 2025/05/11 2:0 a.m.50 views

CVE-2025-4527

The CVE-2025-4527 entry concerns Dígitro NGC Explorer 3.44.15 and the Password Transmission Handler component. Public records describe a vulnerability that causes client-side enforcement of server-side security, with remote initiation, high attack complexity, and difficult exploitation. Multiple ...

6.3CVSS5.1AI score0.00446EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2025/05/11 2:0 a.m.20 views

CVE-2025-4527 Dígitro NGC Explorer Password Transmission client-side enforcement of server-side security

A security flaw has been discovered in Dígitro NGC Explorer up to 3.44.15/3.48.21. The impacted element is an unknown function of the component Password Transmission Handler. Performing a manipulation results in client-side enforcement of server-side security. The attack can be initiated remotely...

6.3CVSS0.00446EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/04/07 12:21 a.m.24 views

CVE-2025-32359

In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two factor authentication configuration, users need to re-authenticate with their current password first. However, this change was enforced in Zammad only on the front end level, and not wh...

8.8CVSS7.3AI score0.00273EPSS
Exploits0References1
NVD
NVD
added 2025/04/05 9:15 p.m.27 views

CVE-2025-32359

In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two factor authentication configuration, users need to re-authenticate with their current password first. However, this change was enforced in Zammad only on the front end level, and not wh...

8.8CVSS0.00273EPSS
Exploits0References1
OSV
OSV
added 2025/04/05 12:0 a.m.6 views

CVE-2025-32359

In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two factor authentication configuration, users need to re-authenticate with their current password first. However, this change was enforced in Zammad only on the front end level, and not wh...

4.8CVSS7.2AI score0.00273EPSS
Exploits0References3
CVE
CVE
added 2025/04/05 12:0 a.m.87 views

CVE-2025-32359

The CVE-2025-32359 entry concerns Zammad 6.4.x prior to 6.4.2, where a security check (re-authentication with the current password when changing two-factor authentication settings) is enforced only on the front end and not when calls are made via the API. Affected software: Zammad 6.4.0–6.4.1 (6....

8.8CVSS7.3AI score0.00273EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/04/05 12:0 a.m.25 views

CVE-2025-32359

In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two factor authentication configuration, users need to re-authenticate with their current password first. However, this change was enforced in Zammad only on the front end level, and not wh...

4.8CVSS0.00273EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/05 12:0 a.m.5 views

Zammad 安全漏洞

Zammad is a suite of ticket management software from the German company Zammad. A security vulnerability exists in Zammad versions prior to 6.4.2, which stems from client-side enforcement of server-side security and could lead to bypassing a two-factor authentication configuration...

8.8CVSS6.7AI score0.00273EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/11 2:54 p.m.5 views

CVE-2024-52960

A client-side enforcement of server-side security vulnerability CWE-602 in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests...

4.3CVSS5AI score0.00305EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:32 p.m.10 views

CVE-2020-26174

tangro Business Workflow before 1.18.1 requests a list of allowed filetypes from the server and restricts uploads to the filetypes contained in this list. However, this restriction is enforced in the browser client-side and can be circumvented. This allows an attacker to upload any file as an...

8.8CVSS6.7AI score0.01234EPSS
Exploits1
NVD
NVD
added 2025/01/22 4:15 p.m.19 views

CVE-2024-42013

In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of...

6.4CVSS0.0016EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/22 12:0 a.m.11 views

CVE-2024-42013

In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of...

0.0016EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/22 12:0 a.m.6 views

CVE-2024-42013

In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of...

7.3AI score0.0016EPSS
Exploits0References2
Snyk
Snyk
added 2024/11/26 4:36 p.m.1 views

Client-Side Enforcement of Server-Side Security

Overview ethyca-fides is an Open-source ecosystem for data privacy as code. Affected versions of this package are vulnerable to Client-Side Enforcement of Server-Side Security due to improper implementation of password policy validations in the /api/v1/user/accept-invite endpoint. An attacker can...

8.8CVSS6.9AI score0.00536EPSS
Exploits0References2
OSV
OSV
added 2024/11/12 7:15 p.m.7 views

CVE-2024-23666

A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through...

8.8CVSS5.8AI score0.02744EPSS
Exploits1References1
Rows per page
Query Builder