Lucene search
+L

11 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.12 views

CVE-2026-33585

Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03...

3.8CVSS5.5AI score0.00134EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/13 9:32 p.m.9 views

EUVD-2026-30115

Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03...

3.8CVSS5.8AI score0.00134EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/13 6:46 p.m.33 views

CVE-2026-33585 Arqit SKA-Platform Improper Handling of Parameters Vulnerability

Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03...

3.8CVSS0.00134EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 6:46 p.m.7 views

CVE-2026-33585 Arqit SKA-Platform Improper Handling of Parameters Vulnerability

Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03...

3.8CVSS5.8AI score0.00134EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 6:46 p.m.8 views

CVE-2026-33585

Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03...

3.8CVSS5.8AI score0.00134EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

Arqit Symmetric Key Agreement Platform 安全漏洞

The Arqit Symmetric Key Agreement Platform is a quantum-safe key negotiation platform developed by Arqit Corporation. Versions prior to 26.03 of the Arqit Symmetric Key Agreement Platform contained security vulnerabilities. These vulnerabilities stemmed from improper management of the idle timeou...

3.8CVSS5.8AI score0.00134EPSS
Exploits0References1
NVD
NVD
added 2026/05/04 7:16 a.m.39 views

CVE-2026-29200

A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call...

9.9CVSS0.00297EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/04 5:42 a.m.52 views

CVE-2026-29200

A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call...

9.9CVSS0.00297EPSS
Exploits0References1
Microsoft Secure
Microsoft Secure
added 2026/04/18 12:55 p.m.39 views

Cross‑tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook

In this article 1. Risk to enterprise environments 2. Attack chain overview 1. Stage 1: Initial contact via Teams T1566.003 Spearphishing via Service 2. Stage 2: Remote assistance foothold 3. Stage 3: Interactive reconnaissance and access validation 4. Stage 4: Payload placement and trusted...

6.3AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/04/18 12:55 p.m.60 views

Cross‑tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook

In this article 1. Risk to enterprise environments 2. Attack chain overview 1. Stage 1: Initial contact via Teams T1566.003 Spearphishing via Service 2. Stage 2: Remote assistance foothold 3. Stage 3: Interactive reconnaissance and access validation 4. Stage 4: Payload placement and trusted...

6.3AI score
Exploits0
HackRead
HackRead
added 2025/09/23 9:23 p.m.8 views

Microsoft Fixed Entra ID Vulnerability Allowing Global Admin Impersonation

Microsoft patched an Entra ID vulnerability that let attackers impersonate Global Admins across tenants, risking full Microsoft 365 and Azure takeover...

7AI score
Exploits0
Rows per page
Query Builder