Lucene search
K

676 matches found

CVE
CVE
added 2024/04/06 12:31 p.m.77 views

CVE-2024-3378

Affected product/versions: iboss Secure Web Gateway up to 10.1. The issue resides in the Login Portal’s /login path, where manipulating the redirectUrl parameter can trigger a cross-site scripting (XSS) vulnerability. Root cause: improper handling of redirectUrl within the login flow. Impact: rem...

6.1CVSS4.7AI score0.22002EPSS
Exploits4References4Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2023/12/06 12:0 a.m.5 views

VulnCheck KEV: CVE-2012-0297

The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by 1 injecting crafted data or 2 including crafted data...

10CVSS6.2AI score0.72596EPSS
Exploits22References1
BDU FSTEC
BDU FSTEC
added 2023/12/01 12:0 a.m.7 views

The vulnerability in the McAfee Web Gateway, related to code errors, allows attackers to trigger a service failure.

The vulnerability of the McAfee Web Gateway is related to errors in the code. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

7.8CVSS7.2AI score0.0239EPSS
Exploits0References3Affected Software4
Citrix
Citrix
added 2023/11/30 12:0 a.m.7 views

How to block access URL https://x.x.x.x/oauth/idp/.well-known/openid-configuration

This article will guide on how to block access to the URL https://x.x.x.x/oauth/idp/.well-known/openid-configuration, where x.x.x.x is the URL of the gateway...

7AI score
Exploits0
CNNVD
CNNVD
added 2023/10/13 12:0 a.m.5 views

Weintek cMT Operating System Command Injection Vulnerability

Weintek cMT is a human machine interface application from Weintek. A security vulnerability exists in the Weintek cMT3000 HMI Web CGI that originates from an anonymous attacker who can execute arbitrary commands while logged into the device...

8.8CVSS7.3AI score0.01169EPSS
Exploits0References4
NVD
NVD
added 2023/09/13 7:15 a.m.30 views

CVE-2023-4400

A password management vulnerability in Skyhigh Secure Web Gateway SWG in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was...

6.5CVSS6.3AI score0.003EPSS
Exploits0References2
OSV
OSV
added 2023/09/13 7:15 a.m.5 views

CVE-2023-4400

A password management vulnerability in Skyhigh Secure Web Gateway SWG in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was...

6.5CVSS5.8AI score0.003EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/09/13 6:53 a.m.39 views

CVE-2023-4400

A password management vulnerability in Skyhigh Secure Web Gateway SWG in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was...

6.2CVSS6.7AI score0.003EPSS
Exploits0References1
CVE
CVE
added 2023/09/13 6:53 a.m.2490 views

CVE-2023-4400

Skyhigh Secure Web Gateway (SWG) is affected: versions 11.x prior to 11.2.14, 10.x prior to 10.2.25, and 12.x prior to 12.2.1 contain a password-management issue where authentication information stored in configuration files can be extracted via the SWG REST API because passwords are stored in pl...

6.5CVSS6.5AI score0.003EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/09/13 12:0 a.m.14 views

McAfee Skyhigh Secure Web Gateway Security Vulnerability

McAfee Skyhigh Secure Web Gateway McAfee Skyhigh SWG is a family of secure gateways from McAfee, Inc. A security vulnerability exists in McAfee Skyhigh Secure Web Gateway that stems from a password management vulnerability that allows passwords to be stored in plain text...

6.5CVSS6.8AI score0.003EPSS
Exploits0References3
Microsoft Malware Protection
Microsoft Malware Protection
added 2023/07/11 4:0 p.m.22 views

Microsoft Entra expands into Security Service Edge and Azure AD becomes Microsoft Entra ID

A year ago when we announced the Microsoft Entra product family, we asked what the world could achieve if we had trust in every digital experience and interaction.1 This question inspired us to offer a vision for securing the millions and millions of connections that happen every second between...

7.4AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2023/06/06 12:0 a.m.9 views

What is Secure Web Gateway’s (SWG) Role in Zero Trust?

Explore why secure web gateway SWG is important to effectively secure cloud resources and reduce cyber risk across the attack surface and the role a zero trust strategy can play...

7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/05/10 12:0 a.m.6 views

The vulnerability of the WSGI Werkzeug web application library, related to the distribution of resources without restrictions or regulation, allows a hacker to replace the cookie file.

The vulnerability of the WSGI Werkzeug web application lies in the fact that the application does not properly control the consumption of internal resources when processing data with a complex structure and containing a large number of fields. Exploiting this vulnerability could allow an attacker...

3.5CVSS6.4AI score0.00507EPSS
Exploits0References8Affected Software9
Exploit DB
Exploit DB
added 2023/04/05 12:0 a.m.228 views

Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS)

Exploit Title: Secure Web Gateway 10.2.11 - Cross-Site Scripting XSS Product: Secure Web Gateway Affected Versions: 10.2.11, potentially other versions Fixed Versions: 10.2.17, 11.2.6, 12.0.1 Vulnerability Type: Cross-Site Scripting Security Risk: high Vendor URL:...

6.1CVSS6.6AI score0.0189EPSS
Exploits4
F5 Networks
F5 Networks
added 2023/02/21 6:54 p.m.60 views

K56715231: TMM buffer-overflow vulnerability CVE-2021-22991

Security Advisory Description Undisclosed requests to a virtual server may be incorrectly handled by Traffic Management Microkernel TMM URI normalization, which may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it theoretically may allow bypass of URL based access...

9.8CVSS8.1AI score0.61064EPSS
Exploits3Affected Software14
F5 Networks
F5 Networks
added 2023/02/21 6:33 p.m.49 views

K66510514: TMM vulnerability CVE-2022-34862

Security Advisory Description When an LTM virtual server is configured to perform normalization, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-34862 Impact This vulnerability affects systems with one or more of the following configurations. Affected...

7.5CVSS7.1AI score0.01053EPSS
Exploits1Affected Software13
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.5 views

SUSE CVE-2021-41159

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections /gt:rpc fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue h...

8.8CVSS8.8AI score0.01346EPSS
Exploits0References6
Akamai Blog
Akamai Blog
added 2022/11/09 2:0 p.m.11 views

On-Ramping Traffic to a Cloud-Based Secure Web Gateway

Though cloud-based secure web gateways SWGs eliminate many problems, it’s important to select the right approach to on-ramping traffic based on use case and protection level...

7AI score
Exploits0
NVD
NVD
added 2022/10/28 10:15 a.m.18 views

CVE-2022-3320

It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled...

9.8CVSS0.00378EPSS
Exploits0References1
OSV
OSV
added 2022/10/28 10:15 a.m.3 views

CVE-2022-3320

It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled...

9.8CVSS5.8AI score
Exploits0References1
Rows per page
Query Builder