
315 matches found

Positive Technologies
added 2024/02/14 12:0 a.m. · 4 views

PT-2024-2727 · Mastodon · Mastodon

Name of the Vulnerable Software and Affected Versions: Mastodon versions prior to 3.5.18; Mastodon versions prior to 4.0.14; Mastodon versions prior to 4.1.14; Mastodon versions prior to 4.2.6. Description: The issue is related to the implementation of CAS, SAML, and OpenID Connect protocols in...

7.4 CVSS · 7.1 AI score · 0.00477 EPSS
Exploits 1 · References 11
NVD
added 2024/02/09 11:15 p.m. · 19 views

CVE-2024-23324

Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in...

8.6 CVSS · 8.7 AI score · 0.006 EPSS
Exploits 0 · References 2
Cvelist
added 2024/02/09 10:48 p.m. · 25 views

CVE-2024-23324 Envoy ext auth can be bypassed when Proxy protocol filter sets invalid UTF-8 metadata

Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in...

8.6 CVSS · 8.8 AI score · 0.006 EPSS
Exploits 0 · References 2
BDU FSTEC
added 2024/02/07 12:0 a.m. · 5 views

The vulnerability of the SAP NetWeaver software integration platform and the SAP Web Dispatcher web dispatcher lies in the lack of proper input validation when querying an external authentication server. This allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the SAP NetWeaver software integration platform and the SAP Web Dispatcher web dispatcher is related to the lack of proper input validation when requesting external server authentication. Exploiting this vulnerability can allow an attacker to gain unauthorized access to...

7.8 CVSS · 7.2 AI score · 0.00326 EPSS
Exploits 0 · References 2 · Affected Software 1
IBM Security Bulletins
added 2023/09/07 5:31 p.m. · 42 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary: Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix. Vulnerability Details: CVEID: CVE-2023-26048. DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the HttpServletRequest.getParameter or...

9.8 CVSS · 9.2 AI score · 0.46836 EPSS
Exploits 5 · Affected Software 1
NVD
added 2023/09/05 12:15 a.m. · 16 views

CVE-2023-32338

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585...

5.5 CVSS · 5.9 AI score · 0.0018 EPSS
Exploits 0 · References 4
OSV
added 2023/09/05 12:15 a.m. · 5 views

CVE-2023-32338

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585...

5.5 CVSS · 5.8 AI score · 0.0018 EPSS
Exploits 0 · References 4
CVE
added 2023/09/04 11:57 p.m. · 46 views

CVE-2023-32338

CVE-2023-32338 affects IBM Sterling Secure Proxy and IBM Sterling External Authentication Server (versions 6.0.3 and 6.1.0). The root cause is storing user credentials in plain text, readable by a local user with container access. Reported impact is credential disclosure with high confidentiality...

5.5 CVSS · 4.9 AI score · 0.0018 EPSS
Exploits 0 · References 4 · Affected Software 2
IBM Security Bulletins
added 2023/08/31 7:12 p.m. · 41 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary: Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes. Vulnerability Details: CVEID: CVE-2023-26048. DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the...

9.8 CVSS · 9.6 AI score · 0.22709 EPSS
Exploits 3 · Affected Software 1
Citrix
added 2023/08/31 12:0 a.m. · 9 views

"Not authorized to execute this command" error for External Authentication System User

After login ADC management GUI using local AD user, below Error message prompt: "2 errors encountered. Not authorized to execute this command show ns license Not authorized to execute this command show ns feature"...

7.3 AI score
Exploits 0
IBM Security Bulletins
added 2023/04/29 3:45 a.m. · 34 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple vulnerabilities due to IBM Java Runtime

Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. IBM Sterling External Authentication Server has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2022-21628. DESCRIPTION: Java SE is vulnerabl...

6.5 CVSS · 6.4 AI score · 0.03028 EPSS
Exploits 0 · Affected Software 1
Cisco
added 2023/04/19 4:0 p.m. · 54 views

Cisco Modeling Labs External Authentication Bypass Vulnerability

A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an unauthenticated, remote attacker to access the web interface with administrative privileges. This vulnerability is due to the improper handling of certain messages that are returned by the associated...

9.1 CVSS · 9.4 AI score · 0.00895 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/04/19 12:0 a.m. · 5 views

PT-2023-2555 · Cisco · Cisco Modeling Labs

Name of the Vulnerable Software and Affected Versions: Cisco Modeling Labs (affected versions not specified). Description: The issue is related to the external authentication mechanism of Cisco Modeling Labs, which can be exploited by an unauthenticated, remote attacker to access the web interface...

9.7 CVSS · 7 AI score · 0.00895 EPSS
Exploits 0 · References 9
Citrix
added 2023/04/07 12:0 a.m. · 8 views

Citrix Hypervisor - Unable to join server to existing pool

Unable to join the server to pool. Error from xencenter: "The server was unable to contact your domain server to enable external authentication. Check that your settings are correct and a route to the server exists."...

7 AI score
Exploits 0
Amazon
added 2023/04/05 12:0 a.m. · 31 views

Low: openvpn

Issue Overview: OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials...

9.8 CVSS · 8 AI score · 0.03519 EPSS
Exploits 0
BDU FSTEC
added 2023/02/21 12:0 a.m. · 10 views

The vulnerability of the IBM Sterling Secure Proxy proxy server and the IBM Sterling External Authentication Server (SEAS) authentication and authorization server, which stems from the use of cryptographic algorithms containing defects, allows attackers to gain unauthorized access to protected information.

The vulnerability of the IBM Sterling Secure Proxy proxy server and the IBM Sterling External Authentication Server SEAS authentication and authorization server lies in the use of cryptographic algorithms that have vulnerabilities during installation. Exploiting this vulnerability can allow a...

2.3 CVSS · 6 AI score · 0.00119 EPSS
Exploits 0 · References 6 · Affected Software 2
SUSE CVE
added 2023/02/15 5:4 a.m. · 4 views

SUSE CVE-2016-3176

Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient...

5.6 CVSS · 7.2 AI score · 0.00873 EPSS
Exploits 0 · References 6
SUSE CVE
added 2023/02/15 4:50 a.m. · 5 views

SUSE CVE-2017-5192

When using the localbatch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed...

8.8 CVSS · 7.1 AI score · 0.01681 EPSS
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 3:54 a.m. · 3 views

SUSE CVE-2020-25592

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...

9.8 CVSS · 9.9 AI score · 0.57453 EPSS
Exploits 3 · References 34
SUSE CVE
added 2023/02/15 3:44 a.m. · 3 views

SUSE CVE-2021-28146

The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team...

6.5 CVSS · 7.6 AI score · 0.01397 EPSS
Exploits 0 · References 14