676 matches found
CVE-2024-3378
Affected product/versions: iboss Secure Web Gateway up to 10.1. The issue resides in the Login Portal’s /login path, where manipulating the redirectUrl parameter can trigger a cross-site scripting (XSS) vulnerability. Root cause: improper handling of redirectUrl within the login flow. Impact: rem...
VulnCheck KEV: CVE-2012-0297
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by 1 injecting crafted data or 2 including crafted data...
The vulnerability in the McAfee Web Gateway, related to code errors, allows attackers to trigger a service failure.
The vulnerability of the McAfee Web Gateway is related to errors in the code. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
How to block access URL https://x.x.x.x/oauth/idp/.well-known/openid-configuration
This article will guide on how to block access to the URL https://x.x.x.x/oauth/idp/.well-known/openid-configuration, where x.x.x.x is the URL of the gateway...
Weintek cMT Operating System Command Injection Vulnerability
Weintek cMT is a human machine interface application from Weintek. A security vulnerability exists in the Weintek cMT3000 HMI Web CGI that originates from an anonymous attacker who can execute arbitrary commands while logged into the device...
CVE-2023-4400
A password management vulnerability in Skyhigh Secure Web Gateway SWG in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was...
CVE-2023-4400
A password management vulnerability in Skyhigh Secure Web Gateway SWG in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was...
CVE-2023-4400
A password management vulnerability in Skyhigh Secure Web Gateway SWG in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was...
CVE-2023-4400
Skyhigh Secure Web Gateway (SWG) is affected: versions 11.x prior to 11.2.14, 10.x prior to 10.2.25, and 12.x prior to 12.2.1 contain a password-management issue where authentication information stored in configuration files can be extracted via the SWG REST API because passwords are stored in pl...
McAfee Skyhigh Secure Web Gateway Security Vulnerability
McAfee Skyhigh Secure Web Gateway McAfee Skyhigh SWG is a family of secure gateways from McAfee, Inc. A security vulnerability exists in McAfee Skyhigh Secure Web Gateway that stems from a password management vulnerability that allows passwords to be stored in plain text...
Microsoft Entra expands into Security Service Edge and Azure AD becomes Microsoft Entra ID
A year ago when we announced the Microsoft Entra product family, we asked what the world could achieve if we had trust in every digital experience and interaction.1 This question inspired us to offer a vision for securing the millions and millions of connections that happen every second between...
What is Secure Web Gateway’s (SWG) Role in Zero Trust?
Explore why secure web gateway SWG is important to effectively secure cloud resources and reduce cyber risk across the attack surface and the role a zero trust strategy can play...
The vulnerability of the WSGI Werkzeug web application library, related to the distribution of resources without restrictions or regulation, allows a hacker to replace the cookie file.
The vulnerability of the WSGI Werkzeug web application lies in the fact that the application does not properly control the consumption of internal resources when processing data with a complex structure and containing a large number of fields. Exploiting this vulnerability could allow an attacker...
Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS)
Exploit Title: Secure Web Gateway 10.2.11 - Cross-Site Scripting XSS Product: Secure Web Gateway Affected Versions: 10.2.11, potentially other versions Fixed Versions: 10.2.17, 11.2.6, 12.0.1 Vulnerability Type: Cross-Site Scripting Security Risk: high Vendor URL:...
K56715231: TMM buffer-overflow vulnerability CVE-2021-22991
Security Advisory Description Undisclosed requests to a virtual server may be incorrectly handled by Traffic Management Microkernel TMM URI normalization, which may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it theoretically may allow bypass of URL based access...
K66510514: TMM vulnerability CVE-2022-34862
Security Advisory Description When an LTM virtual server is configured to perform normalization, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-34862 Impact This vulnerability affects systems with one or more of the following configurations. Affected...
SUSE CVE-2021-41159
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections /gt:rpc fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue h...
On-Ramping Traffic to a Cloud-Based Secure Web Gateway
Though cloud-based secure web gateways SWGs eliminate many problems, it’s important to select the right approach to on-ramping traffic based on use case and protection level...
CVE-2022-3320
It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled...
CVE-2022-3320
It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled...