Lucene search
K

107 matches found

CVE
CVE
added 2024/01/11 12:0 a.m.40 views

CVE-2023-51750

ScaleFusion 10.5.2 is affected by a vulnerability where the kiosk mode does not properly restrict users to the Edge application, allowing file downloads to occur. Public descriptions consistently report the issue and note the vendor’s stance that the product is not vulnerable if the default Windo...

4.6CVSS4.7AI score0.00286EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/01/11 12:0 a.m.43 views

CVE-2023-51748

ScaleFusion 10.5.2 is affected by a kiosk-mode security issue where Ctrl-O and Ctrl-S can bypass the Edge application restriction, potentially exposing the isolated environment. Root cause: insufficient access control in Scalefusion MDM Agent allowing users to access the file explorer. The issue ...

8.8CVSS8.4AI score0.00309EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/11 12:0 a.m.8 views

CVE-2023-51750

ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...

6.8AI score0.00286EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/01/11 12:0 a.m.10 views

CVE-2023-51751

ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...

6.7AI score0.00186EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/01/11 12:0 a.m.35 views

CVE-2023-51751

ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...

6.7AI score0.00186EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/29 9:30 p.m.29 views

Security Bulletin: IBM Edge Application Manager 4.5.3 addresses the security vulnerabilities listed in the CVEs below.

Summary IBM Edge Application Manager 4.5.3 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By inserting the X-XSRF-TOKE...

6.5CVSS7AI score0.01198EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/19 12:0 a.m.30 views

Security Bulletin: IBM Edge Application Manager 4.5.1 addresses security vulnerability listed in CVE below.

Summary IBM Edge Application Manager 4.5.1 addresses the security vulnerability listed in the CVE below. Vulnerability Details CVEID:CVE-2022-2879 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by the failure to set a limit on the maximum size of file headers by Reader.Read. ...

7.5CVSS7.5AI score0.01544EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/18 11:59 p.m.29 views

Security Bulletin: IBM Edge Application Manager 4.5.1 addresses security vulnerability listed in CVE below.

Summary IBM Edge Application Manager 4.5.1 addresses the security vulnerability listed in the CVE below. Vulnerability Details CVEID:CVE-2023-2251 DESCRIPTION: YAML is vulnerable to a denial of service, caused by an uncaught exception in the parseDocument and parseAllDocuments functions. By sendi...

7.5CVSS7.2AI score0.01093EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/01 8:27 p.m.27 views

Security Bulletin: IBM Edge Application Manager has a vulnerability listed in CVE 2023-28154. IBM has addressed this vulnerability.

Summary IBM Edge Application Manager 4.5 addresses the security vulnerability listed in CVE 2023-28154. Vulnerability Details CVEID:CVE-2023-28154 DESCRIPTION: Webpack could allow a remote attacker to bypass security restrictions, caused by the mishandling of the magic comment feature by the...

9.8CVSS9.2AI score0.01421EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/31 10:20 p.m.53 views

Security Bulletin: IBM Edge Application Manager 4.5.1 addresses multiple security vulnerabilities

Summary IBM Edge Application Manager 4.5.1 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and text...

7.8CVSS6.9AI score0.01048EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/31 5:50 a.m.44 views

Security Bulletin: IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below.

Summary IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below. Vulnerability Details CVEID:CVE-2022-1996 DESCRIPTION: go-restful could allow a remote attacker to bypass security restrictions, caused by improper regular expression implementation in the CORS...

9.3CVSS9.6AI score0.02737EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/31 5:47 a.m.34 views

Security Bulletin: IBM Edge Application Manager is vulnerable to an Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') due to Node.js ejs

Summary IBM Edge Application Manager 4.5 addresses the vulnerability listed in the CVE below. Vulnerability Details CVEID:CVE-2022-29078 DESCRIPTION: Node.js ejs module could allow a remote attacker to execute arbitrary code on the system, caused by a server-side template injection flaw in...

9.8CVSS9.7AI score0.32386EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/31 5:45 a.m.47 views

Security Bulletin: IBM Edge Application Manager 4.5 addresses multiple security vulnerabilities

Summary IBM Edge Application Manager 4.5 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2021-23436 DESCRIPTION: Node.js immer module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw...

9.8CVSS8.4AI score0.0178EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/31 5:44 a.m.41 views

Security Bulletin: IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below.

Summary IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below. Vulnerability Details CVEID:CVE-2021-3918 DESCRIPTION: Json-schema could allow a remote attacker to execute arbitrary code on the system, caused by an improperly controlled modification of objec...

9.8CVSS9.8AI score0.03563EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/31 5:42 a.m.34 views

Security Bulletin: IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below.

Summary IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below. Vulnerability Details CVEID:CVE-2021-42740 DESCRIPTION: Node.js shell-quote module could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw with windows drive...

9.8CVSS9.7AI score0.0434EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/31 5:42 a.m.86 views

Security Bulletin: IBM Edge Application Manager 4.5 addresses multiple security vulnerabilities

Summary IBM Edge Application Manager 4.5 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2021-41190 DESCRIPTION: Open Container Initiative Distribution Specification could allow a remote authenticated attacker to bypass security restrictions,...

8.6CVSS9.4AI score0.27392EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/15 7:8 p.m.22 views

Security Bulletin: Open Source Dependency Vulnerability

Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2022-37603 DESCRIPTION: webpack loader-utils is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the interpolateName function in...

7.5CVSS8AI score0.02029EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/15 7:7 p.m.49 views

Security Bulletin: Open Source Dependency Vulnerability

Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2022-31030 DESCRIPTION: containerd is vulnerable to a denial of service, caused by a flaw in the CRI implementation. By sending a specially-crafted request using the ExecSync API, a local...

5.5CVSS5.4AI score0.00377EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/15 7:5 p.m.23 views

Security Bulletin: Open Source Dependency Vulnerability

Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2021-33587 DESCRIPTION: An unspecified error related to the failure to ensure that attribute parsing has Linear Time Complexity in Node.js css-what module has an unknown impact and attack...

7.5CVSS7.2AI score0.02267EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/15 7:4 p.m.30 views

Security Bulletin: Open Source Dependency Vulnerability

Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2020-7774 DESCRIPTION: Node.js y18n module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By sending a specially-crafted request, ...

9.8CVSS8.7AI score0.69062EPSS
Exploits1Affected Software1
Rows per page
Query Builder