Lucene search
K

677 matches found

prion
prion
added 2022/10/28 10:15 a.m.20 views

Design/Logic Flaw

It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled...

7.5CVSS9.5AI score0.00378EPSS
Exploits0References1Affected Software1
cve
cve
added 2022/10/28 9:30 a.m.61 views

CVE-2022-3320

Summary: CVE-2022-3320 affects Cloudflare WARP/Zero Trust deployments where the warp-cli set-custom-endpoint subcommand can be used with an unreachable endpoint, causing the WARP Client to disconnect and bypass administrative restrictions on a Zero Trust enrolled endpoint. Multiple connected sour...

9.8CVSS8.2AI score0.00378EPSS
Exploits0References1Affected Software1
alpinelinux
alpinelinux
added 2022/10/28 9:30 a.m.32 views

CVE-2022-3320

It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled...

9.8CVSS9.7AI score0.00378EPSS
Exploits0References1
ibm
ibm
added 2022/09/25 7:56 p.m.29 views

Security Bulletin: IBM WebSphere MQ File Transfer Edition Web Gateway insufficient access control (CVE-2012-2206)

Abstract A low risk security vulnerability in the "Web Gateway" component of IBM WebSphere MQ File Transfer Edition may result in authenticated users being able to access other users' file transfers. Content CVE ID: CVE-2012-2206 DESCRIPTION: When using the web gateway, an authenticated user is...

3.5CVSS5.6AI score0.02007EPSS
Exploits2Affected Software1
ibm
ibm
added 2022/09/25 7:56 p.m.25 views

Security Bulletin: IBM WebSphere MQ File Transfer Edition Web Gateway vulnerable to CSRF attack (CVE-2012-3294)

Abstract A low risk security vulnerability in the "Web Gateway" component of IBM WebSphere MQ File Transfer Edition and WebSphere MQ - Managed File Transfer may be susceptible to a Cross Site Request Forgery attack. Content CVE ID: CVE-2012-3294 DESCRIPTION: When using the web gateway, an...

6.8CVSS5.7AI score0.02007EPSS
Exploits4Affected Software1
cvelist
cvelist
added 2022/07/26 11:35 a.m.18 views

CVE-2022-2225 Zero Trust Secure Web Gateway policies bypass using WARP client subcommands

By using warp-cli subcommands disable-ethernet, disable-wifi, it was possible for a user without admin privileges to bypass configured Zero Trust security policies e.g. Secure Web Gateway policies and features such as 'Lock WARP switch'...

8.1CVSS8.3AI score0.00187EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2022/07/26 11:35 a.m.27 views

CVE-2022-2225

By using warp-cli subcommands disable-ethernet, disable-wifi, it was possible for a user without admin privileges to bypass configured Zero Trust security policies e.g. Secure Web Gateway policies and features such as 'Lock WARP switch'...

8.1CVSS2.4AI score0.00187EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2022/07/26 12:0 a.m.5 views

PT-2022-15299 · Warp · Warp

Name of the Vulnerable Software and Affected Versions: WARP affected versions not specified Description: The issue allows a user without admin privileges to bypass configured Zero Trust security policies, such as Secure Web Gateway policies, and features like 'Lock WARP switch' by utilizing...

8.1CVSS7.5AI score0.00187EPSS
Exploits0References5
cnnvd
cnnvd
added 2022/07/26 12:0 a.m.5 views

Cloudflare WARP 安全漏洞

Cloudflare WARP Cloudflare Vpn is a client application for secure connections from the US company Cloudflare. A security vulnerability exists in Cloudflare WARP. An attacker can exploit this vulnerability to bypass configured zero-trust security policies e.g., Secure Web Gateway policy and featur...

8.1CVSS7.4AI score0.00187EPSS
Exploits0References2
cnnvd
cnnvd
added 2022/07/26 12:0 a.m.3 views

McAfee Skyhigh Secure Web Gateway 安全漏洞

McAfee Skyhigh Secure Web Gateway McAfee Skyhigh SWG is a series of security gateways from McAfee, Inc. in the United States. A security vulnerability exists in McAfee Skyhigh Secure Web Gateway. No information about this vulnerability is available at this time, so stay tuned to CNNVD or the vend...

10CVSS8.3AI score0.01034EPSS
Exploits0References3
bdu_fstec
bdu_fstec
added 2022/05/17 12:0 a.m.7 views

The vulnerability of the automatic decryption process of Cisco Umbrella Secure Web Gateway (SWG) allows attackers to circumvent existing security restrictions.

The vulnerability of the automatic decryption process of the Cisco Umbrella Secure Web Gateway SWG is related to a flaw in the data protection mechanism. Exploiting this vulnerability allows an attacker to bypass existing security restrictions remotely...

4.1CVSS5.4AI score0.00176EPSS
Exploits0References3
cnvd
cnvd
added 2022/04/22 12:0 a.m.33 views

Cisco Umbrella Secure Web Gateway文件解密绕过漏洞

Cisco Umbrella is a cloud security platform from the U.S. company Cisco Cisco. The platform prevents cyber threats such as phishing, malware and ransomware.Cisco Umbrella Secure Web Gateway has a file decryption bypass vulnerability that can be exploited by authenticated attackers to bypass the...

4.1CVSS2.1AI score0.00176EPSS
Exploits0References1
cve
cve
added 2022/04/21 6:51 p.m.136 views

CVE-2022-20805

The CVE-2022-20805 entry concerns Cisco Umbrella Secure Web Gateway (SWG). The flaw is in the automatic decryption process where the TLS Server Name Indication (SNI) is used to decide whether to decrypt a request; this enables an authenticated, adjacent attacker to bypass SSL decryption and conte...

4.1CVSS4.2AI score0.00176EPSS
Exploits0References1Affected Software1
attackerkb
attackerkb
added 2022/04/20 11:0 p.m.5 views

CVE-2022-20805

A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway SWG could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering policies on an affected system. This vulnerability is due to how the decryption function uses the TLS Sev...

4.1CVSS5.8AI score0.00176EPSS
Exploits0References2
cisco
cisco
added 2022/04/20 4:0 p.m.30 views

Cisco Umbrella Secure Web Gateway File Decryption Bypass Vulnerability

A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway SWG could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering policies on an affected system. This vulnerability is due to how the decryption function uses the TLS Sev...

4.1CVSS0.7AI score0.00176EPSS
Exploits0References1
osv
osv
added 2022/04/20 1:15 p.m.6 views

CVE-2022-1254

A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. Thi...

6.1CVSS6.4AI score0.00772EPSS
Exploits0References1
cnnvd
cnnvd
added 2022/04/20 12:0 a.m.7 views

McAfee Skyhigh Secure Web Gateway 输入验证错误漏洞

McAfee Skyhigh Secure Web Gateway McAfee Skyhigh SWG is a family of security gateways from McAfee Inc. in the United States. The McAfee Skyhigh Secure Web Gateway suffers from an input validation error vulnerability that stems from a faulty application redirection response. A remote attacker coul...

6.1CVSS6.4AI score0.00772EPSS
Exploits0References5
nvd
nvd
added 2022/02/10 6:15 p.m.21 views

CVE-2022-20738

A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature. This vulnerability is due to insufficient restrictions in the file inspection feature. An attacker could exploit this vulnerability by downloadin...

9.8CVSS0.01105EPSS
Exploits0References1
prion
prion
added 2022/02/10 6:15 p.m.19 views

Design/Logic Flaw

A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature. This vulnerability is due to insufficient restrictions in the file inspection feature. An attacker could exploit this vulnerability by downloadin...

7.5CVSS9.1AI score0.01105EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2022/02/10 5:6 p.m.13 views

CVE-2022-20738 Cisco Umbrella Secure Web Gateway File Inspection Bypass Vulnerability

A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature. This vulnerability is due to insufficient restrictions in the file inspection feature. An attacker could exploit this vulnerability by downloadin...

5.8CVSS6.8AI score0.01105EPSS
Exploits0References1
Rows per page
Query Builder