Lucene search
K

320 matches found

BDU FSTEC
BDU FSTEC
added 2023/02/21 12:0 a.m.10 views

The vulnerability of the IBM Sterling Secure Proxy proxy server and the IBM Sterling External Authentication Server (SEAS) authentication and authorization server, which stems from the use of cryptographic algorithms containing defects, allows attackers to gain unauthorized access to protected information.

The vulnerability of the IBM Sterling Secure Proxy proxy server and the IBM Sterling External Authentication Server SEAS authentication and authorization server lies in the use of cryptographic algorithms that have vulnerabilities during installation. Exploiting this vulnerability can allow a...

2.3CVSS6AI score0.00119EPSS
Exploits0References6Affected Software2
SUSE CVE
SUSE CVE
added 2023/02/15 5:4 a.m.4 views

SUSE CVE-2016-3176

Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient...

5.6CVSS7.2AI score0.00873EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:50 a.m.5 views

SUSE CVE-2017-5192

When using the localbatch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed...

8.8CVSS7.1AI score0.01681EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:54 a.m.3 views

SUSE CVE-2020-25592

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...

9.8CVSS9.9AI score0.57453EPSS
Exploits3References34
SUSE CVE
SUSE CVE
added 2023/02/15 3:44 a.m.3 views

SUSE CVE-2021-28146

The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team...

6.5CVSS7.6AI score0.01397EPSS
Exploits0References14
CNVD
CNVD
added 2023/02/09 12:0 a.m.30 views

IBM Sterling External Authentication Server Encryption Issue Vulnerability

IBM Sterling External Authentication Server is a client application from International Business Machines IBM that enables extended authentication and verification services for IBM products. A cryptographic issue vulnerability exists in IBM Sterling External Authentication Server version 6.1.0, IB...

5.5CVSS5.7AI score0.00119EPSS
Exploits0References1
OSV
OSV
added 2023/02/08 7:15 p.m.9 views

CVE-2022-35720

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373...

5.5CVSS5.5AI score0.00119EPSS
Exploits0References2
Prion
Prion
added 2023/02/08 7:15 p.m.22 views

Authentication flaw

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373...

1.7CVSS5.8AI score0.00119EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2023/02/08 6:24 p.m.16 views

CVE-2022-35720 IBM Sterling External Authentication Server information disclosure

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373...

2.3CVSS6.2AI score0.00119EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/02/08 6:24 p.m.35 views

CVE-2022-35720 IBM Sterling External Authentication Server information disclosure

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373...

2.3CVSS5.4AI score0.00119EPSS
Exploits0References2
CVE
CVE
added 2023/02/08 6:24 p.m.73 views

CVE-2022-35720

CVE-2022-35720 affects IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3, due to use of weaker-than-expected cryptographic algorithms during installation, which could let a local attacker decrypt sensitive information. Remediation references in IBM advisories s...

5.5CVSS4.2AI score0.00119EPSS
Exploits0References2Affected Software2
CNNVD
CNNVD
added 2023/02/08 12:0 a.m.7 views

IBM Sterling External Authentication Server 加密问题漏洞

IBM Sterling External Authentication Server is a client application from International Business Machines IBM that enables extended authentication and verification services for IBM products. A cryptographic issue vulnerability exists in IBM Sterling External Authentication Server version 6.1.0, IB...

5.5CVSS6.6AI score0.00119EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/31 6:58 p.m.47 views

Security Bulletin: IBM Sterling External Authentication Server vulnerable to denial of service due to Apache Xerces2 (CVE-2022-23437)

Summary IBM Sterling External Authentication Server 6.0.3.0 contains Apache Xerces2, which is vulnerable to a denial of service attack. This vulnerability is addressed in the latest iFix. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a...

7.1CVSS6.5AI score0.0444EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/31 2:51 p.m.35 views

Security Bulletin: Multiple vulnerabilities affect IBM Sterling External Authentication Server

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server. These vulnerabilities have been addressed in the latest iFix. Vulnerability Details CVEID:CVE-2021-33502 DESCRIPTION: Node.js normalize-url module is vulnerable to a denial of service, caused by a ReDoS regular...

7.5CVSS7.7AI score0.01705EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/31 2:18 p.m.110 views

Security Bulletin: IBM Sterling Secure Proxy vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy 6.0.3.0 and are addressed in the latest iFix. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading ...

7.1CVSS6.6AI score0.0444EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/06 1:23 p.m.30 views

Security Bulletin: IBM Sterling External Authentication Server vulnerable to unspecified issue due to Java SE (CVE-2021-2163)

Summary A Java vulnerability affects IBM Sterling External Authentication Server. Issue has been addressed. Vulnerability Details CVEID:CVE-2021-2163 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no...

5.3CVSS5.4AI score0.03566EPSS
Exploits0Affected Software1
OSV
OSV
added 2022/11/14 7:0 p.m.18 views

GHSA-W8FP-3GWQ-GXPW Concrete CMS vulnerable to Cross-site Request Forgery

Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth...

8.8CVSS8.8AI score0.0044EPSS
Exploits0References7
Prion
Prion
added 2022/11/14 5:15 p.m.10 views

Cross site request forgery (csrf)

Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth...

6.8CVSS8.8AI score0.0044EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.6 views

PT-2022-27009 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS affected versions not specified Description: The issue is related to a lack of the State parameter for the external Concrete authentication service, specifically affecting users who utilize the "out of the box" core OAuth. This...

8.8CVSS7.1AI score0.0044EPSS
Exploits0References13
CNNVD
CNNVD
added 2022/11/14 12:0 a.m.27 views

PortlandLabs Concrete CMS 跨站请求伪造漏洞

PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. Concrete CMS suffers from a security vulnerability that stems from a lack of state parameters in the external authentication service, which makes it susceptible to CSRF...

8.8CVSS7.9AI score0.0044EPSS
Exploits0References7
Rows per page
Query Builder