1114 matches found
Design/Logic Flaw
MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying host. This occurs in com.idsscheer.ppmmashup.business.jdbc.DriverUploadController...
CVE-2021-33523
MashZone NextGen (up to 10.7 GA) contains a vulnerability where a remote authenticated user with admin-console access can upload a JDBC driver via com.idsscheer.ppmmashup.business.jdbc.DriverUploadController, allowing execution of arbitrary commands on the underlying host. The Red Hat and NVD ent...
CVE-2021-33523
MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying host. This occurs in com.idsscheer.ppmmashup.business.jdbc.DriverUploadController...
CVE-2022-22354
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM...
Design/Logic Flaw
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM...
CVE-2022-22354
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM...
CVE-2022-22354
CVE-2022-22354 affects IBM Spectrum Protect Plus (10.1.0.0–10.1.9.2) and IBM Spectrum Copy Data Management (2.2.0.0–2.2.14.3). The issue is that connections are not length-limited, enabling a Slowloris HTTP denial-of-service attack that can render the Admin Console unresponsive. Affected products...
CVE-2022-22354
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM...
Security Bulletin: Potential denial of service in WebSphere Application Server Admin Console affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4080)
Summary: There is a potential denial of service in WebSphere Application Server Admin Console which affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center). Vulnerability Details: CVEID: CVE-2019-4080 DESCRIPTION: IBM WebSphere Application Server Admin Console is vulnerable to a...
Security Bulletin: Vulnerability in IBM WebSphere Application Server affects Tivoli Storage Productivity Center (CVE-2017-1380)
Summary: A vulnerability in IBM WebSphere Application Server affects Tivoli Storage Productivity Center. There is a potential cross-site scripting vulnerability in the Admin Console for WebSphere Application Server. Tivoli Storage Productivity Center has addressed the applicable CVE. Vulnerability...
Security Bulletin: Vulnerability in IBM WebSphere Application Server affects Tivoli Storage Productivity Center (CVE-2017-1137)
Summary: A vulnerability in IBM WebSphere Application Server affects Tivoli Storage Productivity Center. There is a potential for weaker than expected security with the Administrative Console in WebSphere Application Server. Tivoli Storage Productivity Center has addressed the applicable CVE...
Security Bulletin: Potential security vulnerability in the WebSphere Application Server Admin Console affects Tivoli Storage Productivity Center (CVE-2017-1501)
Summary: There is a potential security vulnerability in the WebSphere Application Server Admin Console affecting Tivoli Storage Productivity Center if you have updated the web services security bindings settings. If you changed the cipher suites in the web services security bindings settings, they...
GHSA-3H2H-XQR2-2JP7 Cross-site Scripting (XSS) in Apache ActiveMQ Artemis
In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and th...
Cross-site Scripting (XSS) in Apache ActiveMQ Artemis
In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and th...
CVE-2022-0225
A flaw was found in Keycloak. This flaw allows a privileged attacker to use a malicious payload as the group name while creating a new group from the admin console, leading to a stored cross-site scripting (XSS) attack...
Cross-site Scripting (XSS)
WildFly is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization when creating a new role in domain mode via the admin console, allowing an attacker to add a payload in the name field...
wildfly: XSS via admin console when creating roles in domain mode
A flaw was found in WildFly. While creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to a cross-site scripting (XSS) attack. The highest threat from this vulnerability is to confidentiality and integrity...
CVE-2021-39064
IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authentication and password rules and incorrectly handles default credentials for the Spectrum Copy Data Management Admin console. IBM X-Force ID: 214957...
CVE-2021-39053
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to obtain sensitive information, caused by the improper handling of requests for Spectrum Copy Data Management Admin Console. By sending a specially-crafted request, a remote attacker could exploit this vulnerabili...
CVE-2021-39065
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Copy Data Management Admin Console login and uploadcertificate function. A remote attacker could...