371 matches found
Debian: Security Advisory (DLA-2499-1)
The remote host is missing an update for the Debian...
Sympa < 6.2.60 SOAP API Vulnerability
Sympa is prone to an authentication bypass vulnerability in the SOAP API.
Authorization Bypass
Sympa is vulnerable to authorization bypass. The vulnerability exists because remote attackers can obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as the cookie value to authenticateAndRun...
CVE-2020-29668
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as the cookie value to authenticateAndRun...
DEBIAN-CVE-2020-29668
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as the cookie value to authenticateAndRun...
UBUNTU-CVE-2020-29668
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as the cookie value to authenticateAndRun...
Code injection
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as the cookie value to authenticateAndRun...
CVE-2020-29668
CVE-2020-29668 affects Sympa prior to 6.2.59b.2. The issue allows remote attackers to obtain full SOAP API access by sending an arbitrary string (except one from an expired cookie) as the cookie value to the authenticateAndRun endpoint. The public description in the initial document confirms the ...
sympa -- Unauthorised full access via SOAP API due to illegal cookie
Sympa community reports: Unauthorised full access via SOAP API due to illegal cookie...
Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability (cisco-sa-FND-AUTH-vEypBmmR)
An authorization bypass vulnerability exists in Cisco IoT Field Network Director (IoT-FND) due to insufficient authorization in the SOAP API. An authenticated, remote attacker can exploit this, via SOAP API requests, to bypass authorization and access and modify information on devices that belong t...
CVE-2020-26072
A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit th...
Authorization
A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit th...
CVE-2020-26072
Cisco IoT Field Network Director (FND) SOAP API has an authorization bypass vulnerability (CVE-2020-26072). An authenticated, remote attacker can send SOAP requests to devices outside their authorized domain, due to insufficient SOAP API authorization. Impact: attacker could access and modify inf...
CVE-2020-26072 Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability
A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit th...
Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability
A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit th...
CVE-2020-25966
Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of the assets via a modified pAccountID value. NOTE: The vendo...
CVE-2020-25966
Sectona Spectra (before 3.4.0) exposes a vulnerable SOAP API endpoint that can disclose sensitive information about provisioned assets, including login credentials, without proper authentication by manipulating the pAccountID value. This has been reported across multiple sources (Red Hat, CNVD, C...