Lucene search
K

211 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/07/28 6:16 a.m.51 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2018-25031, CVE-2021-46708)

Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details...

6.1CVSS5.1AI score0.42326EPSS
Exploits4Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/07/18 12:0 a.m.42 views

Swagger UI 3.14.0 < 3.38.0 Cross-Site Scripting

Swagger UI is a popular library used to beautify API specifications and render it to the users. Swagger UI versions 3.14.1 to 3.37.2 suffer from a DOM Cross-Site Scripting XSS vulnerability due to an outdated DomPurify embedded library and a feature available in the Swagger UI library itself whic...

6.2AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2022/05/24 5:4 p.m.6 views

@csltech/strong-nginx-controller (>=1.0.2 <=1.0.3), @csltech/strong-pm (>=7.0.0 <=7.0.2) +56 more potentially affected by CVE-2016-1000229 via swagger-ui (>=2.0.17 <=2.1.8-M1)

swagger-ui NPM version =2.0.17, =1.0.2, =7.0.0, =3.0.1, =2.0.0, =1.0.1, =1.0.1, =2.8.29, =1.0.1, =5.0.232, =0.0.1, =0.4.1, =1.0.1, =0.0.1, =0.0.27, =0.1.9 and more Source cves: CVE-2016-1000229 Source advisory: OSV:GHSA-H8WP-WGCQ-QHRF...

6.1CVSS6.6AI score0.04036EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/19 8:39 p.m.25 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled as part of IBM WebSphere Hybrid Edition, is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)

Summary IBM WebSphere Application Server Liberty, which is bundled as part of IBM WebSphere Hybrid Edition, is vulnerable to spoofing attacks and clickjacking due to swagger-ui CVE-2018-25031, CVE-2021-46708 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

6.1CVSS2.4AI score0.42326EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/19 8:38 p.m.33 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled in IBM Cloud Pak for Applications, is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)

Summary IBM WebSphere Application Server Liberty, which is bundled in IBM Cloud Pak for Applications, is vulnerable to spoofing attacks and clickjacking due to swagger-ui CVE-2018-25031, CVE-2021-46708 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

6.1CVSS3.4AI score0.42326EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/18 4:56 p.m.33 views

Security Bulletin: IBM WebSphere Application Server Liberty shipped with IBM WebSphere Application Server Patterns is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)

Summary IBM WebSphere Application Server Liberty is shipped as a component of IBM WebSphere Application Server Patterns. There are multiple vulnerabilities in the swagger-ui library used by IBM WebSphere Application Server Liberty with mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0,...

6.1CVSS0.4AI score0.42326EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/05 5:33 p.m.51 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)

Summary There are multiple vulnerabilities in the swagger-ui library used by IBM WebSphere Application Server Liberty with mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0, openapi-3.0 or the openapi-3.1 feature enabled. These vulnerabilities could allow spoofing attacks or clickjacking...

6.1CVSS1AI score0.42326EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/18 6:59 p.m.12 views

Security Bulletin: IBM Answer Retrieval for Watson Discovery is vulnerable to phishing attacks due to Swagger UI (CVE number(s) 221508)

Summary Swagger UI is used by IBM Answer Retrieval for Watson Discovery. CVE numbers 221508. The fix upgrades to Swagger UI v4.6.2. Vulnerability Details Third Party Entry: 221508 DESCRIPTION: Swagger UI could allow a remote attacker to conduct phishing attacks, caused by an open redirect...

1.7AI score
Exploits0Affected Software1
Veracode
Veracode
added 2022/03/14 6:3 a.m.42 views

Spoofing Attack

swagger-ui-react is vulnerable to spoofing attack. The vulnerability allows remote attackers to acquire remote OpenAPI definitions by persuading the victim to open a specifically crafted URL...

4.3CVSS5.3AI score0.42326EPSS
Exploits4References5Affected Software1
vulnersOsv
vulnersOsv
added 2022/03/12 12:0 a.m.6 views

africa.absa:inception-api (>=1.0.0 <=1.2.0), africa.absa:inception-codes-api (>=1.0.0 <=1.0.1) +2356 more potentially affected by CVE-2018-25031 via org.webjars:swagger-ui (>=2.0.17 <=4.1.3-1)

org.webjars:swagger-ui MAVEN version =2.0.17, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =5.4.0, =8.0.0 - ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base =8.0.0 - ca.uhn.hapi.fhir:hapi-fhir-jpaserver-elastic-test-utilities =8.0.0 -...

4.3CVSS6.6AI score0.42326EPSS
Exploits4
Github Security Blog
Github Security Blog
added 2022/03/12 12:0 a.m.36 views

Spoofing attack in swagger-ui-dist

The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further...

6.1CVSS4.8AI score0.01472EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/03/12 12:0 a.m.2 views

GHSA-6C9X-MJ3G-H47X Spoofing attack in swagger-ui-dist

The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further...

6.1CVSS6.9AI score0.01472EPSS
Exploits0References5
OSV
OSV
added 2022/03/12 12:0 a.m.6 views

GHSA-CR3Q-PQGQ-M8C2 Spoofing attack in swagger-ui

Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions...

4.3CVSS6.9AI score0.42326EPSS
Exploits4References7
vulnersOsv
vulnersOsv
added 2022/03/12 12:0 a.m.5 views

@activeledger/activecore (>=2.0.0-rc5 <=2.0.0-rc.8.0.6), @aktr/node-module-a (=1.0.1) +270 more potentially affected by CVE-2018-25031 via swagger-ui (>=2.0.17 <=4.1.0)

swagger-ui NPM version =2.0.17, =2.0.0-rc5, =0.1.2, =0.0.1, =1.4.0, =0.0.1, =0.0.4, =1.0.2, =7.0.0, =0.0.0-idm, =1.0.4, =1.1.4 and more Source cves: CVE-2018-25031 Source advisory: OSV:GHSA-CR3Q-PQGQ-M8C2...

4.3CVSS6.7AI score0.42326EPSS
Exploits4
OSV
OSV
added 2022/03/11 7:15 a.m.27 views

CVE-2018-25031

Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parti...

4.3CVSS5.1AI score
Exploits0References4
NVD
NVD
added 2022/03/11 7:15 a.m.27 views

CVE-2021-46708

The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further...

6.1CVSS0.01472EPSS
Exploits0References3
OSV
OSV
added 2022/03/11 7:15 a.m.6 views

CVE-2021-46708

The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further...

6.1CVSS6.7AI score0.01472EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/03/11 7:15 a.m.4 views

CVE-2021-46708

The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further...

6.1CVSS6.7AI score0.01472EPSS
Exploits0References4
Prion
Prion
added 2022/03/11 7:15 a.m.26 views

Design/Logic Flaw

The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further...

4.3CVSS6.2AI score0.01472EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2022/03/11 7:15 a.m.30 views

CVE-2018-25031

Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parti...

4.3CVSS6.8AI score0.42326EPSS
Exploits4References4
Rows per page
Query Builder