
188 matches found

NVD
added 2024/06/11 2:15 p.m. · 38 views

CVE-2024-2013

An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface...

10 CVSS · 0.0068 EPSS
Exploits 0 · References 1

Cvelist
added 2024/06/11 1:16 p.m. · 27 views

CVE-2024-2012

vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior...

9.1 CVSS · 0.00601 EPSS
Exploits 0 · References 1

CVE
added 2024/06/11 1:16 p.m. · 80 views

CVE-2024-2012

CVE-2024-2012 concerns the FOXMAN-UN/UNEM server and its APIGateway. Red Hat/Red Hat-adjacent and other sources describe an authentication bypass and post-authentication surface that could allow unauthenticated or improperly authenticated users to interact with services, potentially enabling unin...

9.8 CVSS · 9.2 AI score · 0.00601 EPSS
Exploits 0 · References 1 · Affected Software 2

Vulnrichment
added 2024/06/11 1:16 p.m. · 14 views

CVE-2024-2012

vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior...

9.1 CVSS · 6.8 AI score · 0.00601 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/06/11 1:14 p.m. · 9 views

CVE-2024-2013

An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface...

10 CVSS · 7.1 AI score · 0.0068 EPSS
Exploits 0 · References 1

Cvelist
added 2024/06/11 1:14 p.m. · 38 views

CVE-2024-2013

An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface...

10 CVSS · 0.0068 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/06/11 12:0 a.m. · 4 views

PT-2024-18615 · Unknown · Foxmann-Un/Unem Server

Name of the Vulnerable Software and Affected Versions: FOXMAN-UN/UNEM server (affected versions not specified). Description: An authentication bypass issue exists in the FOXMAN-UN/UNEM server API Gateway component. This allows attackers without any access to interact with the services and the...

10 CVSS · 6.8 AI score · 0.0068 EPSS
Exploits 0 · References 12

OSV
added 2024/02/01 8:53 p.m. · 17 views

GHSA-99F9-GV72-FW9R Bref Doesn't Support Multiple Value Headers in ApiGatewayFormatV2

Impacted Resources: bref/src/Event/Http/HttpResponse.php:61-90. Description: When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple-value headers. Precisely, if PHP generates a response with two headers having the same key but different values only the...

4.8 CVSS · 6.7 AI score · 0.00426 EPSS
Exploits 1 · References 5

NVD
added 2024/02/01 4:17 p.m. · 10 views

CVE-2024-24753

Bref enables serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple-value headers. If PHP generates a response with two headers having the same key but different values, only the latest one is kept. If an application relie...

6.5 CVSS · 5.5 AI score · 0.00426 EPSS
Exploits 1 · References 2

Vulnrichment
added 2024/02/01 4:9 p.m. · 3 views

CVE-2024-24753 Bref Multiple Value Headers Not Supported in ApiGatewayFormatV2

Bref enables serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple-value headers. If PHP generates a response with two headers having the same key but different values, only the latest one is kept. If an application relie...

4.8 CVSS · 5.7 AI score · 0.00426 EPSS
Exploits 1 · References 2

CVE
added 2024/02/01 4:9 p.m. · 70 views

CVE-2024-24753

CVE-2024-24753 concerns the Bref serverless PHP runtime on AWS Lambda. When used with API Gateway v2, Bref does not correctly handle multiple-value headers: if PHP emits two headers with the same name, only the last value is retained. This can undermine security policies that rely on multiple hea...

6.5 CVSS · 6.4 AI score · 0.00426 EPSS
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2024/02/01 4:9 p.m. · 16 views

CVE-2024-24753 Bref Multiple Value Headers Not Supported in ApiGatewayFormatV2

Bref enables serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple-value headers. If PHP generates a response with two headers having the same key but different values, only the latest one is kept. If an application relie...

4.8 CVSS · 6.7 AI score · 0.00426 EPSS
Exploits 1 · References 2

OSV
added 2024/02/01 4:9 p.m. · 113 views

CVE-2024-24753 Bref Multiple Value Headers Not Supported in ApiGatewayFormatV2

Bref enables serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple-value headers. If PHP generates a response with two headers having the same key but different values, only the latest one is kept. If an application relie...

4.8 CVSS · 6.5 AI score · 0.00426 EPSS
Exploits 1 · References 4

NVD
added 2024/01/03 2:15 p.m. · 13 views

CVE-2023-50093

APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection...

6.1 CVSS · 6.3 AI score · 0.0038 EPSS
Exploits 1 · References 2

NVD
added 2024/01/03 1:15 p.m. · 14 views

CVE-2023-50092

APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting XSS...

6.1 CVSS · 6.2 AI score · 0.0038 EPSS
Exploits 1 · References 2

Prion
added 2024/01/03 1:15 p.m. · 14 views

Cross site scripting

APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting XSS...

5.8 CVSS · 6.8 AI score · 0.0038 EPSS
Exploits 1 · References 2 · Affected Software 1

CNNVD
added 2024/01/03 12:0 a.m. · 4 views

APIIDA API Gateway Manager Security Vulnerability

APIIDA API Gateway Manager for Broadcom Layer7 is an APIIDA API gateway manager for Broadcom Layer7 from APIIDA Germany. It enables fast and reliable API deployment and migration as well as comprehensive API monitoring and alerting. A security vulnerability exists in APIIDA API Gateway Manager...

6.1 CVSS · 7.3 AI score · 0.0038 EPSS
Exploits 1 · References 3

CVE
added 2024/01/03 12:0 a.m. · 78 views

CVE-2023-50092

CVE-2023-50092 affects APIIDA API Gateway Manager for Broadcom Layer7, version 2023.2. Multiple sources describe a Cross-Site Scripting (XSS) vulnerability; PT-Security explicitly calls it a Reflective XSS. The CVSS v3.1 score is 6.1 (Medium) with network attack vector, no privileges required, us...

6.1 CVSS · 6.1 AI score · 0.0038 EPSS
Exploits 1 · References 2 · Affected Software 1

CVE
added 2024/01/03 12:0 a.m. · 65 views

CVE-2023-50093

CVE-2023-50093 affects APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 and is a Host Header Injection vulnerability. The Red Hat, NVD, and CVE listings corroborate a host header issue in APIIDA API Gateway Manager for Broadcom Layer7 2023.2.2. The issue stems from an injection vulnerabil...

6.1 CVSS · 6.2 AI score · 0.0038 EPSS
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2024/01/03 12:0 a.m. · 10 views

CVE-2023-50092

APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting XSS...

6.5 AI score · 0.0038 EPSS
Exploits 1 · References 2