677 matches found
Design/Logic Flaw
It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled...
CVE-2022-3320
Summary: CVE-2022-3320 affects Cloudflare WARP/Zero Trust deployments where the warp-cli set-custom-endpoint subcommand can be used with an unreachable endpoint, causing the WARP Client to disconnect and bypass administrative restrictions on a Zero Trust enrolled endpoint. Multiple connected sour...
CVE-2022-3320
It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled...
Security Bulletin: IBM WebSphere MQ File Transfer Edition Web Gateway insufficient access control (CVE-2012-2206)
Abstract A low risk security vulnerability in the "Web Gateway" component of IBM WebSphere MQ File Transfer Edition may result in authenticated users being able to access other users' file transfers. Content CVE ID: CVE-2012-2206 DESCRIPTION: When using the web gateway, an authenticated user is...
Security Bulletin: IBM WebSphere MQ File Transfer Edition Web Gateway vulnerable to CSRF attack (CVE-2012-3294)
Abstract A low risk security vulnerability in the "Web Gateway" component of IBM WebSphere MQ File Transfer Edition and WebSphere MQ - Managed File Transfer may be susceptible to a Cross Site Request Forgery attack. Content CVE ID: CVE-2012-3294 DESCRIPTION: When using the web gateway, an...
CVE-2022-2225 Zero Trust Secure Web Gateway policies bypass using WARP client subcommands
By using warp-cli subcommands disable-ethernet, disable-wifi, it was possible for a user without admin privileges to bypass configured Zero Trust security policies e.g. Secure Web Gateway policies and features such as 'Lock WARP switch'...
CVE-2022-2225
By using warp-cli subcommands disable-ethernet, disable-wifi, it was possible for a user without admin privileges to bypass configured Zero Trust security policies e.g. Secure Web Gateway policies and features such as 'Lock WARP switch'...
PT-2022-15299 · Warp · Warp
Name of the Vulnerable Software and Affected Versions: WARP affected versions not specified Description: The issue allows a user without admin privileges to bypass configured Zero Trust security policies, such as Secure Web Gateway policies, and features like 'Lock WARP switch' by utilizing...
Cloudflare WARP 安全漏洞
Cloudflare WARP Cloudflare Vpn is a client application for secure connections from the US company Cloudflare. A security vulnerability exists in Cloudflare WARP. An attacker can exploit this vulnerability to bypass configured zero-trust security policies e.g., Secure Web Gateway policy and featur...
McAfee Skyhigh Secure Web Gateway 安全漏洞
McAfee Skyhigh Secure Web Gateway McAfee Skyhigh SWG is a series of security gateways from McAfee, Inc. in the United States. A security vulnerability exists in McAfee Skyhigh Secure Web Gateway. No information about this vulnerability is available at this time, so stay tuned to CNNVD or the vend...
The vulnerability of the automatic decryption process of Cisco Umbrella Secure Web Gateway (SWG) allows attackers to circumvent existing security restrictions.
The vulnerability of the automatic decryption process of the Cisco Umbrella Secure Web Gateway SWG is related to a flaw in the data protection mechanism. Exploiting this vulnerability allows an attacker to bypass existing security restrictions remotely...
Cisco Umbrella Secure Web Gateway文件解密绕过漏洞
Cisco Umbrella is a cloud security platform from the U.S. company Cisco Cisco. The platform prevents cyber threats such as phishing, malware and ransomware.Cisco Umbrella Secure Web Gateway has a file decryption bypass vulnerability that can be exploited by authenticated attackers to bypass the...
CVE-2022-20805
The CVE-2022-20805 entry concerns Cisco Umbrella Secure Web Gateway (SWG). The flaw is in the automatic decryption process where the TLS Server Name Indication (SNI) is used to decide whether to decrypt a request; this enables an authenticated, adjacent attacker to bypass SSL decryption and conte...
CVE-2022-20805
A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway SWG could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering policies on an affected system. This vulnerability is due to how the decryption function uses the TLS Sev...
Cisco Umbrella Secure Web Gateway File Decryption Bypass Vulnerability
A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway SWG could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering policies on an affected system. This vulnerability is due to how the decryption function uses the TLS Sev...
CVE-2022-1254
A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. Thi...
McAfee Skyhigh Secure Web Gateway 输入验证错误漏洞
McAfee Skyhigh Secure Web Gateway McAfee Skyhigh SWG is a family of security gateways from McAfee Inc. in the United States. The McAfee Skyhigh Secure Web Gateway suffers from an input validation error vulnerability that stems from a faulty application redirection response. A remote attacker coul...
CVE-2022-20738
A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature. This vulnerability is due to insufficient restrictions in the file inspection feature. An attacker could exploit this vulnerability by downloadin...
Design/Logic Flaw
A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature. This vulnerability is due to insufficient restrictions in the file inspection feature. An attacker could exploit this vulnerability by downloadin...
CVE-2022-20738 Cisco Umbrella Secure Web Gateway File Inspection Bypass Vulnerability
A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature. This vulnerability is due to insufficient restrictions in the file inspection feature. An attacker could exploit this vulnerability by downloadin...