635 matches found
Design/Logic Flaw
In versions 3.5.Beta1 through 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without appropriate defenses against XML attacks. This applies only when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema...
CVE-2018-12544
In versions 3.5.Beta1 through 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without appropriate defenses against XML attacks. This applies only when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema...
CVE-2018-12544
CVE-2018-12544 affects the Eclipse Vert.x OpenAPI XML type validator (versions 3.5.Beta1–3.5.3). The vulnerability stems from creating XML parsers without proper defenses against XML attacks, enabling XML External Entity (XXE) exploitation. Public references (Veracode, Red Hat advisory RHSA-2018:2946...
API Gateway -- Secure API Traffic with OAuth 2.0 and Cache GraphQL Responses
APIs are the connective tissue between software and modern digital experiences, and they must be exposed to consumers in a way that prevents misuse. This means your APIs must have appropriate governance authorization, authentication, quota management policies to prevent consumers from abusing API...
Qualys WAS Introduces Swagger Support for REST API Security Testing
In the world of application security, testing REST APIs for security flaws is important because APIs can have many of the same application-layer vulnerabilities as browser-based web applications. Examples are SQL injection, command injection, and remote code execution. With the recent release of...
Value of Integrations Highlighted At Fortinet’s Accelerate 18 Conference
Changing the hearts and minds of security teams is no easy task. Everyone has been told for so long how to protect their environment, and more importantly how to buy the various tools needed to enable that protection. Collectively we’ve adopted the unintentional job of assuming all these things...
CVE-2017-1000207
A vulnerability in Swagger-Parser's version = 1.0.30 and Swagger codegen version = 2.2.2 YAML parsing functionality results in arbitrary code being executed when a maliciously crafted YAML OpenAPI specification is parsed. This, in particular, affects the 'generate' and 'validate' command in...
CVE-2007-6500
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp...
Design/Logic Flaw
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp...
SQL injection
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the...
CVE-2007-6498
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the...
CVE-2007-6500
CVE-2007-6500 affects Hosting Controller 6.1 Hot fix 3.3 and earlier. Affected component: OpenApi/GatewayVariables.asp, where remote authenticated users can delete gateway information. Root cause is an unspecified vulnerability allowing authenticated actions to impact gateway data. CVSSv2 base sc...