
4936 matches found

Cvelist
added 2020/07/31 12:0 a.m. | 18 views

CVE-2020-3382 Cisco Data Center Network Manager Authentication Bypass Vulnerability

A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability exists because different installations share a...

CVSS 9.8 | AI score 10 | EPSS 0.10052
Exploits: 0 | References: 1

CVE
added 2020/07/31 12:0 a.m. | 81 views

CVE-2020-3382

Cisco DCNM (Data Center Network Manager) suffers an authentication-bypass via the REST API caused by shared static encryption keys across installations. An unauthenticated, remote attacker could craft a valid session token and perform arbitrary actions with administrative privileges on affected d...

CVSS 10 | AI score 9.9 | EPSS 0.10052
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2020/07/31 12:0 a.m. | 9 views

CVE-2020-3382 Cisco Data Center Network Manager Authentication Bypass Vulnerability

A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability exists because different installations share a...

CVSS 9.8 | AI score 7.8 | EPSS 0.10052
Exploits: 0 | References: 1

Cvelist
added 2020/07/31 12:0 a.m. | 17 views

CVE-2020-3384 Cisco Data Center Network Manager Command Injection Vulnerability

A vulnerability in specific REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system with the privileges of the logged-in user. The vulnerability is due to insufficient validation of...

CVSS 8.2 | AI score 8.2 | EPSS 0.0049
Exploits: 0 | References: 1

CVE
added 2020/07/31 12:0 a.m. | 86 views

CVE-2020-3386

CVE-2020-3386 concerns Cisco Data Center Network Manager (DCNM) REST API: an authenticated, low-privileged user can bypass API authorization due to insufficient access controls and perform arbitrary actions with administrative privileges. Affected are DCNM deployments exposing the REST API; multi...

CVSS 9 | AI score 8.6 | EPSS 0.00767
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2020/07/31 12:0 a.m. | 8 views

CVE-2020-3386 Cisco Data Center Network Manager Improper Authorization Vulnerability

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device. The vulnerability is due to insufficient authorization of certain API functions...

CVSS 8.8 | AI score 7 | EPSS 0.00767
Exploits: 0 | References: 1

Cvelist
added 2020/07/31 12:0 a.m. | 15 views

CVE-2020-3386 Cisco Data Center Network Manager Improper Authorization Vulnerability

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device. The vulnerability is due to insufficient authorization of certain API functions...

CVSS 8.8 | AI score 8.6 | EPSS 0.00767
Exploits: 0 | References: 1

ThreatPost
added 2020/07/30 2:36 p.m. | 12109 views

Critical, High-Severity Cisco Flaws Fixed in Data Center Network Manager

Cisco is warning of several critical and high-severity flaws in its Data Center Network Manager (DCNM) for managing network platforms and switches. DCNM is a platform for managing Cisco data centers that run Cisco’s NX-OS — the network operating system used by Cisco’s Nexus-series Ethernet switches...

CVSS 10 | AI score 1.5 | EPSS 0.85137
Exploits: 18 | References: 13

Cisco
added 2020/07/29 4:0 p.m. | 29 views

Cisco Data Center Network Manager Command Injection Vulnerability

A vulnerability in specific REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system with the privileges of the logged-in user. The vulnerability is due to insufficient validation of...

CVSS 8.2 | AI score 2.1 | EPSS 0.0049
Exploits: 0 | References: 1

Cisco
added 2020/07/29 4:0 p.m. | 27 views

Cisco Data Center Network Manager Improper Authorization Vulnerability

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device. The vulnerability is due to insufficient authorization of certain API functions...

CVSS 8.8 | AI score 1.4 | EPSS 0.00767
Exploits: 0 | References: 1

Cisco
added 2020/07/29 4:0 p.m. | 40 views

Cisco Data Center Network Manager Authentication Bypass Vulnerability

A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability exists because different installations share a...

CVSS 9.8 | AI score 2.2 | EPSS 0.10052
Exploits: 0 | References: 1

NVD
added 2020/07/29 2:15 p.m. | 12 views

CVE-2020-2077

SICK Package Analytics software up to and including version V04.0.0 is vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known files using the REST API directly...

CVSS 7.5 | AI score 7.4 | EPSS 0.00209
Exploits: 0 | References: 1

NVD
added 2020/07/29 2:15 p.m. | 11 views

CVE-2020-2076

SICK Package Analytics software up to and including version V04.0.0 is vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write fil...

CVSS 9.8 | AI score 9.6 | EPSS 0.00431
Exploits: 0 | References: 1

Prion
added 2020/07/29 2:15 p.m. | 12 views

Default configuration

SICK Package Analytics software up to and including version V04.0.0 is vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known files using the REST API directly...

CVSS 5 | AI score 7.4 | EPSS 0.00209
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2020/07/29 2:15 p.m. | 11 views

Authentication flaw

SICK Package Analytics software up to and including version V04.0.0 is vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write fil...

CVSS 7.5 | AI score 9.5 | EPSS 0.00431
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2020/07/29 1:18 p.m. | 48 views

CVE-2020-2077

CVE-2020-2077 concerns SICK Package Analytics. The vulnerability arises from incorrect default permissions in SICK Package Analytics software, affecting versions up to and including V04.0.0, allowing an unauthorized remote attacker to read sensitive data via REST API queries. Some sources indicat...

CVSS 7.5 | AI score 7.3 | EPSS 0.00209
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/07/29 1:18 p.m. | 14 views

CVE-2020-2077

SICK Package Analytics software up to and including version V04.0.0 is vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known files using the REST API directly...

AI score 7.4 | EPSS 0.00209
Exploits: 0 | References: 1

Cvelist
added 2020/07/29 1:18 p.m. | 14 views

CVE-2020-2076

SICK Package Analytics software up to and including version V04.0.0 is vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write fil...

AI score 9.6 | EPSS 0.00431
Exploits: 0 | References: 1

CVE
added 2020/07/29 1:18 p.m. | 40 views

CVE-2020-2076

CVE-2020-2076 affects SICK Package Analytics software up to and including version V04.0.0. The issue is an authentication bypass caused by direct REST API access, enabling an attacker to issue unauthorized requests and potentially write files without authentication. Public sources in the connecte...

CVSS 9.8 | AI score 9.5 | EPSS 0.00431
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2020/07/27 10:51 p.m. | 22 views

GHSA-HX5G-8HQ2-8X4W SQL Injection in Kylin

Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when building a new segment; some part of the HQL is from system configurations, while the configuration can be overwritten by certain REST API, which makes a SQL injection attack possible. Users of all previous versions after 2.0...

CVSS 9.8 | AI score 9.8 | EPSS 0.03106
Exploits: 0 | References: 4