Lucene search
K

107 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:17 a.m.9 views

CVE-2023-51749

ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...

8.8CVSS6.8AI score0.00309EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:26 a.m.33 views

Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager.

Summary Multiple vulnerabilities were addressed in IBM Edge Application Manager 4.5.9. Vulnerability Details CVEID:CVE-2024-51744 DESCRIPTION: golang-jwt jwt-go could allow a remote attacker to obtain sensitive information, caused by improper error handling in ParseWithClaims. By sending a...

8.7CVSS7.1AI score0.01017EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 6:9 p.m.12 views

Security Bulletin: IBM Edge Application Manager is vulnerable to an authorization bypass.

Summary IBM Edge Application Manager is vulnerable to an authorization bypass CVE-2024-45337. Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentatio...

9.1CVSS6.7AI score0.03153EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/15 2:50 p.m.34 views

Security Bulletin: IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below.

Summary IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: pillarjs send is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could...

7.5CVSS7.8AI score0.00932EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/15 1:6 p.m.25 views

Security Bulletin: IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below.

Summary IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processed as protocol...

7.5CVSS6.4AI score0.01414EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/26 2:33 p.m.77 views

Security Bulletin: IBM Edge Application Manager 4.5.6 addresses the security vulnerabilities listed in the CVEs below.

Summary IBM Edge Application Manager 4.5.6 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-29018 DESCRIPTION: moby could allow a remote attacker to obtain sensitive information, caused by incorrect resource transfer between spheres. By sending...

7.8CVSS7.6AI score0.01429EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/19 8:36 p.m.36 views

Security Bulletin: IBM Edge Application Manager 4.5.5 addresses the security vulnerabilities listed in the CVEs below.

Summary IBM Edge Application Manager 4.5.5 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker...

9.8CVSS7.8AI score0.01422EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/01 4:26 p.m.28 views

Security Bulletin: IBM Edge Application Manager 4.5.4 addresses the security vulnerabilities listed in the CVEs below.

Summary IBM Edge Application Manager 4.5.4 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: OpenSSH is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process in the SSH transport...

7.3CVSS6.9AI score0.93305EPSS
Exploits5Affected Software1
NVD
NVD
added 2024/01/11 2:15 p.m.26 views

CVE-2023-51749

ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...

8.8CVSS8.6AI score0.00309EPSS
Exploits1References3
NVD
NVD
added 2024/01/11 2:15 p.m.21 views

CVE-2023-51750

ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...

4.6CVSS4.8AI score0.00286EPSS
Exploits0References3
NVD
NVD
added 2024/01/11 2:15 p.m.17 views

CVE-2023-51748

ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...

8.8CVSS8.5AI score0.00309EPSS
Exploits1References3
Prion
Prion
added 2024/01/11 2:15 p.m.18 views

Design/Logic Flaw

ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...

4.3CVSS7.1AI score0.00309EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2024/01/11 2:15 p.m.23 views

Code injection

ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...

4.6CVSS7AI score0.00186EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2024/01/11 2:15 p.m.19 views

Design/Logic Flaw

ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...

2.1CVSS7.1AI score0.00286EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/01/11 12:0 a.m.32 views

CVE-2023-51748

ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...

8.7AI score0.00309EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/01/11 12:0 a.m.3 views

Scalefusion kiosk security vulnerability

ScaleFusion is a mobile device management and unified endpoint management application from ScaleFusion. A security vulnerability exists in the Scalefusion kiosk version 10.5.2, which originates from a searchable tooltip and results in the inability to properly restrict users from using the Edge...

8.8CVSS6.7AI score0.00309EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/01/11 12:0 a.m.32 views

CVE-2023-51750

ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...

5.1AI score0.00286EPSS
Exploits0References3
CVE
CVE
added 2024/01/11 12:0 a.m.45 views

CVE-2023-51749

ScaleFusion 10.5.2 is affected by a design/logic flaw where a search can be performed from a tooltip, allowing users to bypass restrictions and access the Edge application. This stems from inadequate access control in the Scalefusion MDM Agent and can enable exploitation locally via the tooltip s...

8.8CVSS8.5AI score0.00309EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2024/01/11 12:0 a.m.40 views

CVE-2023-51750

ScaleFusion 10.5.2 is affected by a vulnerability where the kiosk mode does not properly restrict users to the Edge application, allowing file downloads to occur. Public descriptions consistently report the issue and note the vendor’s stance that the product is not vulnerable if the default Windo...

4.6CVSS4.7AI score0.00286EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/01/11 12:0 a.m.43 views

CVE-2023-51748

ScaleFusion 10.5.2 is affected by a kiosk-mode security issue where Ctrl-O and Ctrl-S can bypass the Edge application restriction, potentially exposing the isolated environment. Root cause: insufficient access control in Scalefusion MDM Agent allowing users to access the file explorer. The issue ...

8.8CVSS8.4AI score0.00309EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder