4 matches found
Substack Breach: 662,752 User Records Leaked on Cybercrime Forum
Substack confirms a breach after hacker accessed internal user records now circulating on crime forums, exposing emails, phone numbers, and account metadata...
keycloak: Account REST API can update user metadata attributes
A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application...
Code injection
EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcpmember API call...
CVE-2016-0886
CVE-2016-0886 affects EMC Documentum xCP (versions 2.1 before patch 24 and 2.2 before patch 12). The vulnerability allows remote authenticated users to disclose sensitive user-account metadata via the members/xcp_member API. Root cause is an information-disclosure issue in that API endpoint. Impa...