Lucene search
K

129 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/06/13 11:3 a.m.5 views

Security Bulletin: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality. (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447) affect IBM PowerVM Novalink.

Summary An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and high integrity impact. IBM PowerVM Novalink has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecifie...

7.8CVSS6.6AI score0.0073EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/06/10 6:32 p.m.3 views

GHSA-R487-9VV5-75GG Magento Improper Authorization leading to security feature bypass

Magento versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access leading to a...

8.2CVSS6.7AI score0.00429EPSS
Exploits0References3
OSV
OSV
added 2025/05/28 9:15 p.m.3 views

CVE-2025-27703

CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to a specific subset of privileged features in the console can elevate their permissions to access additional features in the...

6CVSS5.7AI score0.00254EPSS
Exploits0References1
OSV
OSV
added 2025/05/28 9:15 p.m.4 views

CVE-2025-27702

CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify settings. The attack complexi...

4.9CVSS5.7AI score0.00258EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/28 8:42 p.m.15 views

CVE-2025-27702 Permissions bypass in the management console of Absolute Secure Access prior to version 13.54

CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify settings. The attack complexi...

6.9CVSS0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:27 a.m.12 views

CVE-2024-37344

There is a cross-site scripting vulnerability in the Policy management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the policy management UI when the administrators are editing the sam...

4.5CVSS6.2AI score0.00268EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/04 8:55 p.m.23 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high...

7.5CVSS6.9AI score0.01026EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/12/20 12:0 a.m.5 views

PT-2024-29125 · Unknown · Absolute Secure Access

Name of the Vulnerable Software and Affected Versions: Absolute Secure Access versions prior to 13.52 Description: The issue is a cross-site scripting vulnerability in the management console. Attackers with system administrator permissions can interfere with another system administrator's use of...

5.9CVSS6.4AI score0.00297EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/28 9:5 a.m.20 views

Security Bulletin: Security vulnerabilities may affect IBM Java shipped with IBM TXSeries for Multiplatforms.

Summary Security vulnerabilities may affect IBM Java shipped with IBM TXSeries for Multiplatforms. Updates to IBM TXSeries for Multiplatforms have been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE relate...

7.4CVSS6.8AI score0.01257EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/11/27 5:15 p.m.6 views

CVE-2024-21703

This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitiv...

6.4CVSS5.8AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/26 8:18 p.m.19 views

CVE-2024-6769 Medium to High Integrity Privilege Escalation in Microsoft Windows

A DLL Hijacking caused by drive remapping combined with a poisoning of the activation cache in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated attacker to elevate from a medium integrity process to a high integri...

8.4CVSS6.6AI score0.0108EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/09/26 12:0 a.m.5 views

Microsoft多款产品 安全漏洞

Microsoft Windows and others are products of Microsoft Corporation USA.Microsoft Windows is a set of operating systems for use on personal devices.Microsoft Windows Server 2016 is a desktop operating system.Microsoft Windows Server 2019 is a desktop operating system. A security vulnerability exis...

8.4CVSS6.5AI score0.0108EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/20 3:48 p.m.22 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities in IBM Java SDK, Java Technology Edition

Summary There are multiple vulnerabilities in IBM Java SDK, Java Technology Edition used by IBM App Connect Enterprise and IBM Integration Bus for z/OS. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecifie...

7.4CVSS5.7AI score0.01136EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/15 7:54 p.m.28 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities in updates. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high confidentiality impact and high integrity...

7.5CVSS8.1AI score0.03754EPSS
Exploits1Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.6 views

PT-2024-4763

The Windows File Explorer is affected by a privilege escalation issue, which allows attackers to gain access to a user's NetNTLM hash from any session on the computer, even with low-privileged user rights. This issue is related to unnecessary permissions being set in Access Security when...

7.8CVSS8.6AI score0.04515EPSS
Exploits0References28
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/08 9:33 a.m.52 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to IBM® SDK, Java™ Technology Edition

Summary Vulnerabilities in IBM® SDK, Java™ Technology Edition may affect IBM Spectrum Control which could allow a remote attacker to cause high confidentiality impact and high integrity impact. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945,...

7.5CVSS7.2AI score0.014EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/06/20 6:15 p.m.2 views

CVE-2024-37351

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with other system administrator’s use of the management UI when the second administrator later edits the same manageme...

3.4CVSS5.7AI score0.00268EPSS
Exploits0References1
OSV
OSV
added 2024/06/20 6:15 p.m.4 views

CVE-2024-37352

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06 that allows attackers with system administrator permissions to interfere with other system administrators’ use of the management UI when the second administrator accesses the...

3.4CVSS5.7AI score0.00268EPSS
Exploits0References1
OSV
OSV
added 2024/06/20 5:15 p.m.4 views

CVE-2024-37348

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the management UI when the second administrator later edits the same...

3.4CVSS5.8AI score0.00268EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/19 3:28 p.m.40 views

Security Bulletin: Vulnerabilities in IBM Java affect IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850. Vulnerability Details...

7.5CVSS6.9AI score0.01026EPSS
Exploits0Affected Software10
Rows per page
Query Builder