544 matches found
The vulnerability of the integration component of the Magento Commerce software development and management platform, related to authentication errors, allows a malicious user to delete CMS pages via the REST API without authentication.
The vulnerability of the integration component of the Magento Commerce software for developing and managing online stores is related to authentication errors. Exploiting this vulnerability allows a malicious actor to delete CMS pages through the REST API without authentication...
IBM UrbanCode Deploy Security Bypass Vulnerability (CNVD-2020-63484)
IBM UrbanCode Deploy (UCD) is a set of application deployment automation tools from IBM. The tool is built on an application-deployment automation management information model and uses remote-agent technology to deploy complex applications across different environments, su...
CVE-2020-5943
In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a SecureVault cryptogram as TMSH does. One example of protected fields is the GTM monitor password...
Design/Logic Flaw
In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a SecureVault cryptogram as TMSH does. One example of protected fields is the GTM monitor password...
CVE-2020-5943
CVE-2020-5943 affects F5 BIG-IP when using the iControl REST interface. In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, protected fields are obfuscated in REST responses instead of being protected by a SecureVault cryptogram (unlike TMSH), potentially exposing sensitive data such as the GTM mo...
VulnCheck KEV: CVE-2020-26876
The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step for course videos and materials by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because show_in_rest is enabled for custom post types e.g.,...
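The mechanism in the wp-courses entry is generic: any custom post type registered with show_in_rest is served, content included, at /wp-json/wp/v2/&lt;rest_base&gt;, so a paywall enforced only in theme templates is bypassed by reading the REST API directly. The following is an added example, not code from the wp-courses plugin or from WordPress core: it shows the vulnerable registration next to a hardened one that keeps show_in_rest (the block editor needs it) but strips paid fields from REST responses for unentitled requesters. The post type course_lesson, the REST base lessons and the entitlement helper example_user_has_paid() are assumptions made for illustration.

```php
<?php
/**
 * Added example (not wp-courses or WordPress core code).
 * Assumptions: post type 'course_lesson', REST base 'lessons', and the
 * hypothetical entitlement helper example_user_has_paid().
 */

// Vulnerable pattern: show_in_rest exposes every course_lesson, content included,
// at /wp-json/wp/v2/lessons to any client, authenticated or not.
function example_register_lesson_type_vulnerable() {
    register_post_type( 'course_lesson', array(
        'public'       => true,
        'supports'     => array( 'title', 'editor' ),
        'show_in_rest' => true,   // no REST-specific access control
        'rest_base'    => 'lessons',
    ) );
}

// Hardened pattern: same registration, plus a rest_prepare_{post_type} filter
// that runs for every REST response carrying this post type.
function example_register_lesson_type_hardened() {
    register_post_type( 'course_lesson', array(
        'public'       => true,
        'supports'     => array( 'title', 'editor' ),
        'show_in_rest' => true,
        'rest_base'    => 'lessons',
    ) );
    add_filter( 'rest_prepare_course_lesson', 'example_strip_paid_content', 10, 3 );
}

// Hypothetical entitlement check; a real plugin would consult its order records.
// Unauthenticated REST requests have user id 0 and are never entitled.
function example_user_has_paid( $user_id, $post_id ) {
    if ( 0 === $user_id ) {
        return false;
    }
    return (bool) get_user_meta( $user_id, 'example_paid_course_' . $post_id, true );
}

// Strip the fields that carry paid material; title and link stay so listings work.
function example_strip_paid_content( WP_REST_Response $response, WP_Post $post, WP_REST_Request $request ) {
    if ( current_user_can( 'edit_post', $post->ID ) ) {
        return $response; // editors keep full access
    }
    if ( example_user_has_paid( get_current_user_id(), $post->ID ) ) {
        return $response;
    }
    $data = $response->get_data();
    foreach ( array( 'content', 'excerpt' ) as $field ) {
        if ( isset( $data[ $field ] ) ) {
            $data[ $field ]['rendered'] = '';
            unset( $data[ $field ]['raw'] ); // only present in context=edit
        }
    }
    $response->set_data( $data );
    return $response;
}

add_action( 'init', 'example_register_lesson_type_hardened' );
```

To check a site for this class of exposure, list the post types it publishes at /wp-json/wp/v2/types: each entry with a rest_base answers unauthenticated GET requests on /wp-json/wp/v2/&lt;rest_base&gt; unless a filter like the one above intervenes.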
CVE-2020-15374
REST API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input...
McAfee Web Gateway Elevation of Privilege Vulnerability (CNVD-2020-52199)
McAfee Web Gateway is a high-performance secure Web gateway with best-in-class threat protection in a unified appliance software architecture. An elevation of privilege vulnerability exists in McAfee Web Gateway versions prior to 9.2.1. The vulnerability stems from improper access control of the...
CVE-2020-7294
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows an authenticated user interface user to delete or download protected files via improper access controls in the REST interface...
Privilege escalation
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows an authenticated user interface user to delete or download protected files via improper access controls in the REST interface...
CVE-2020-7294 Web Gateway (MWG) - Privilege Escalation vulnerability
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows an authenticated user interface user to delete or download protected files via improper access controls in the REST interface...
CVE-2020-7294
CVE-2020-7294 affects McAfee Web Gateway (MWG) prior to 9.2.1. The issue is an elevation of privilege due to improper access controls in the REST interface, allowing an authenticated UI user to delete or download protected files. Root cause: REST interface access control weaknesses. Impact: privi...
Infinispan: REST and HotRod APIs unsecured locally by default
A flaw was found in Infinispan org.infinispan:infinispan-server-runtime version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion...
CVE-2020-3386
A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device. The vulnerability is due to insufficient authorization of certain API functions...
Cisco Data Center Network Manager Command Injection Vulnerability
Cisco Data Center Network Manager (DCNM) is a data center management system from Cisco. It works with Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting. A security vulnerability exists in the REST API endpoint in Cisco DCNM versions...
keycloak: cross-realm user access auth bypass
A flaw was found in the Keycloak REST API where it would permit user access from a realm in which the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks...
The vulnerability of the class-wp-rest-posts-controller component of the WordPress content management system, related to insecure privilege management, allows attackers to compromise data integrity.
The vulnerability of the class-wp-rest-posts-controller component of the WordPress content management system is related to an authorization error that allowed users to set posts as sticky through the REST API. Exploiting this vulnerability could enable a malicious actor to compromise data...
CVE-2020-3248
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section o...