Lucene search
K

26 matches found

Prion
Prion
added 2020/05/14 12:15 a.m.13 views

Code injection

Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...

5.8CVSS5.6AI score0.01145EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2019/01/21 2:38 a.m.8 views

Insecure Authorization

loopback allows unauthorized creation of Authentication Tokens. This is due to improper authorization when the AccessToken model is publicly exposed, allowing an attacker, who has knowledge of any target's userId, to create Authentication Tokens for the victim and gain access to the application a...

6.9AI score
Exploits0
NVD
NVD
added 2018/12/20 2:29 p.m.23 views

CVE-2018-1778

IBM LoopBack IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4 could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to...

9.3CVSS7.8AI score0.03448EPSS
Exploits0References3
Prion
Prion
added 2018/12/20 2:29 p.m.21 views

Authentication flaw

IBM LoopBack IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4 could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to...

9.3CVSS7.9AI score0.03448EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/12/20 2:0 p.m.27 views

CVE-2018-1778

IBM LoopBack IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4 could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to...

7.7CVSS8AI score0.03448EPSS
Exploits0References3
CVE
CVE
added 2018/12/20 2:0 p.m.55 views

CVE-2018-1778

CVE-2018-1778 (IBM API Connect / LoopBack) affects IBM API Connect versions 2018.1 through 2018.4.1 and 5.0.8.0 through 5.0.8.4. The vulnerability arises when the AccessToken model is exposed via a REST API, enabling an attacker to create an access token for any user who has a known userId, poten...

9.3CVSS8AI score0.03448EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder