CVE-2020-11012
CVE-2020-11012 affects MinIO prior to RELEASE.2020-04-23T00-58-49Z. The admin API authentication bypass allows an admin access key to perform admin API operations (e.g., creating new service accounts for existing keys) without the admin secret key. The issue is documented across multiple sources ...
CVE-2020-11012 Authentication bypass MinIO Admin API
MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations, i.e. creating new service accounts for existing access keys, without knowing the admin secret key. This has bee...
CVE-2020-11012
MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations, i.e. creating new service accounts for existing access keys, without knowing the admin secret key. This has bee...
PT-2020-12492 · Minio +1 · Minio +1
Name of the Vulnerable Software and Affected Versions: MinIO versions prior to RELEASE.2020-04-23T00-58-49Z Description: The issue allows for an authentication bypass in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations, such as creating new service...
CVE-2020-11710
An issue was discovered in docker-kong for Kong through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argues that this CVE is not a vulnerability because it has an inaccurate bug scope and patch links. “1 Inaccurate Bug Scope - The issue scope was...
Design/Logic Flaw
An issue was discovered in docker-kong for Kong through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argues that this CVE is not a vulnerability because it has an inaccurate bug scope and patch links. “1 Inaccurate Bug Scope - The issue scope was...
CVE-2020-11710
CVE-2020-11710 affects docker-kong/Kong up to version 2.0.3, where the Admin API port may be exposed on interfaces other than 127.0.0.1. The evidence in connected documents centers on a Kong admin API access issue via docker-kong templates, with a vendor note that the scope/patch references are d...
PT-2020-12797 · Kong · Docker-Kong
Name of the Vulnerable Software and Affected Versions: docker-kong versions through 2.0.3 Description: An issue was discovered where the admin API port may be accessible on interfaces other than 127.0.0.1. The vendor argues that this is not a vulnerability because it has an inaccurate bug scope a...
UBUNTU-CVE-2020-10574
An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "querylogger" Admin API request, because of a typo in the JSON validation...
CVE-2020-10574
An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "querylogger" Admin API request, because of a typo in the JSON validation...
CVE-2019-12182
Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API...
Total.js CMS Remote Code Execution Vulnerability
Total.js CMS is a content management system (CMS) based on a NoSQL database. A security vulnerability exists in the controllers/admin.js file in version 13 of Total.js CMS. The vulnerability can be exploited by a remote attacker to execute arbitrary code by sending a POST request to the...
Design/Logic Flaw
controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954...
Cross site scripting
IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158113...
CVE-2019-4115
IBM WebSphere eXtreme Scale Admin API (v8.6) is affected by cross-site scripting in the Admin UI, enabling injection of arbitrary JavaScript and potential credential disclosure within a trusted session. Root cause: inadequate input sanitization in the Admin UI. Impact is described in multiple sou...
PT-2019-16904 · Ibm · Ibm Websphere Extreme Scale
Name of the Vulnerable Software and Affected Versions: IBM WebSphere eXtreme Scale version 8.6 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session. This...
CVE-2018-12409
The CVE-2018-12409 issue affects TIBCO Silver Fabric, specifically the SOAP Admin API component. The vulnerability is a reflected cross-site scripting (XSS) flaw in the SOAP Admin API, with affected releases up to and including 5.8.1. Reports from TIBCO’s advisory indicate the impact could enable...
CVE-2018-12409
The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions up to and including 5.8.1...