2198 matches found
CVE-2019-6510
An issue was discovered in creditease-sec insight through 2018-09-11. userdelete in srcpm/app/admin/views.py allows CSRF...
CVE-2019-6507
An issue was discovered in creditease-sec insight through 2018-09-11. loginuserdelete in srcpm/app/admin/views.py allows CSRF...
Cross site request forgery (csrf)
An issue was discovered in creditease-sec insight through 2018-09-11. userdelete in srcpm/app/admin/views.py allows CSRF...
CVE-2019-6508
An issue was discovered in creditease-sec insight through 2018-09-11. rolepermdelete in srcpm/app/admin/views.py allows CSRF...
CVE-2019-6509
An issue was discovered in creditease-sec insight through 2018-09-11. departdelete in srcpm/app/admin/views.py allows CSRF...
CVE-2019-6507
CVE-2019-6507: A CSRF flaw was reported in creditease-sec insight through 2018-09-11, specifically in login_user_delete within srcpm/app/admin/views.py. The NVD entry attributes a CVSS‑3.0 base score of 8.8 (HIGH impact) with network attack, low complexity, no privileges required, and user intera...
CVE-2019-6510
The CVE-2019-6510 entry describes a CSRF weakness in creditease-sec insight up to 2018-09-11, specifically in the user_delete function of srcpm/app/admin/views.py. The issue arises from lack of sufficient CSRF protection, enabling potential unauthorized state-changing requests. CVSS data from NVD...
CVE-2019-6509
CVE-2019-6509 affects creditease-sec insight (through 2018-09-11). The vulnerability lies in depart_delete within srcpm/app/admin/views.py, which allows Cross-Site Request Forgery (CSRF). The available sources confirm the CSRF weakness but do not specify affected versions, exact exploit condition...
CVE-2019-6508
CVE-2019-6508 affects creditease-sec insight (through 2018-09-11). The issue is in role_perm_delete in srcpm/app/admin/views.py and is a CSRF vulnerability. The NVD entry lists this as a CSRF weakness with CVSS metrics: CVSS v2 base score 6.8 (Partial confidentiality, integrity, availability) and...
Certificate Based Authentication on Gateway Insight
With Client Authentication enabled on an SSL virtual server, the NetScaler appliance asks for the Client Certificate during the SSL handshake. The appliance checks the certificate presented by the client for normal constraints, such as the issuer signature and expiration date. Here are some use...
IBM i2 Enterprise Insight Analysis Clickjacking Vulnerability
IBM i2 Enterprise Insight Analysis is a suite of data analytics and integration solutions from IBM USA. The product is characterized by interoperability and scalability. A clickjacking vulnerability exists in IBM i2 Enterprise Insight Analysis version 2.1.7, which can be exploited by remote...
IBM i2 Enterprise Insight Analysis Information Disclosure Vulnerability (CNVD-2018-26230)
IBM i2 Enterprise Insight Analysis is a suite of data analytics and integration solutions from IBM USA. The product is characterized by interoperability and scalability. An information disclosure vulnerability exists in IBM i2 Enterprise Insight Analysis version 2.1.7, which originates when a...
CVE-2018-1525
IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM...
CVE-2018-1505
IBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 141413...
Information disclosure
IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM...