Lucene search
K

38 matches found

Cvelist
Cvelist
added 2024/11/29 6:48 p.m.33 views

CVE-2024-53865 Python package "zhmcclient" has passwords in clear text in its HMC and API logs

zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. In affected versions the Python package "zhmcclient" writes password-like properties in clear text into its HMC and API logs in the following cases: 1. The 'boot-ftp-password' and 'ssc-master-pw' properties when creati...

8.2CVSS0.00135EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/29 6:48 p.m.11 views

CVE-2024-53865 Python package "zhmcclient" has passwords in clear text in its HMC and API logs

zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. In affected versions the Python package "zhmcclient" writes password-like properties in clear text into its HMC and API logs in the following cases: 1. The 'boot-ftp-password' and 'ssc-master-pw' properties when creati...

8.2CVSS6.7AI score0.00135EPSS
Exploits0References2
CVE
CVE
added 2024/11/29 6:48 p.m.108 views

CVE-2024-53865

CVE-2024-53865 affects the Python package zhmcclient, a client library for IBM Z HMC Web Services API. The issue is that in affected versions, password-like properties are written in clear text to API and HMC logs in several operations: boot-ftp-password and ssc-master-pw when creating/updating p...

8.2CVSS8.2AI score0.00135EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/05 7:59 p.m.36 views

CVE-2024-41959 Cross-site Scripting (XSS) via API Logs in mailcow: dockerized

mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API logs page is viewed, potentially allowing an attacker to run malicious scripts in the context of th...

7.6CVSS0.00332EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/05 7:59 p.m.22 views

CVE-2024-41959 Cross-site Scripting (XSS) via API Logs in mailcow: dockerized

mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API logs page is viewed, potentially allowing an attacker to run malicious scripts in the context of th...

7.6CVSS7AI score0.00332EPSS
Exploits0References2
OSV
OSV
added 2024/08/05 7:59 p.m.20 views

CVE-2024-41959 Cross-site Scripting (XSS) via API Logs in mailcow: dockerized

mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API logs page is viewed, potentially allowing an attacker to run malicious scripts in the context of th...

7.6CVSS6.8AI score0.00332EPSS
Exploits0References4
CVE
CVE
added 2024/08/05 7:59 p.m.62 views

CVE-2024-41959

CVE-2024-41959 affects mailcow: dockerized. An unauthenticated attacker can inject a JavaScript payload into the API logs, which is executed when the API logs page is viewed. This can enable malicious scripts to run in the user’s browser, potentially leading to unauthorized actions and data theft...

7.6CVSS7.5AI score0.00332EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2023/10/17 12:0 a.m.13 views

IBM App Connect Enterprise Information Disclosure Vulnerability

IBM App Connect Enterprise is an operating system from International Business Machines IBM, Inc. that combines existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud native IBM App Connect Enterprise combines existing industry-trusted IBM...

4.4CVSS5.9AI score0.00179EPSS
Exploits0References1
NVD
NVD
added 2023/10/13 4:15 p.m.18 views

CVE-2023-40682

IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833...

4.4CVSS4.2AI score0.00179EPSS
Exploits0References2
OSV
OSV
added 2023/10/13 4:15 p.m.5 views

CVE-2023-40682

IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833...

4.4CVSS5.8AI score0.00179EPSS
Exploits0References2
Prion
Prion
added 2023/10/13 4:15 p.m.20 views

Design/Logic Flaw

IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833...

1.4CVSS4.1AI score0.00179EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/10/13 3:41 p.m.22 views

CVE-2023-40682 IBM App Connect Enterprise information disclosure

IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833...

4.4CVSS4.4AI score0.00179EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/10/13 3:41 p.m.16 views

CVE-2023-40682 IBM App Connect Enterprise information disclosure

IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833...

4.4CVSS4.2AI score0.00179EPSS
Exploits0References2
CVE
CVE
added 2023/10/13 3:41 p.m.66 views

CVE-2023-40682

CVE-2023-40682 affects IBM App Connect Enterprise versions 12.0.1.0 through 12.0.8.0 and describes an unspecified vulnerability enabling a local privileged user to obtain sensitive information from API logs. Multiple connected sources corroborate the affected product and the information-disclosur...

4.4CVSS4.2AI score0.00179EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/13 12:0 a.m.4 views

PT-2023-27598 · Ibm · Ibm App Connect Enterprise

Name of the Vulnerable Software and Affected Versions: IBM App Connect Enterprise versions 12.0.1.0 through 12.0.8.0 Description: The issue allows a local privileged user to obtain sensitive information from API logs. Recommendations: For IBM App Connect Enterprise versions 12.0.1.0 through...

4.4CVSS4.2AI score0.00179EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/12 2:37 p.m.33 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a potential information disclosure

Summary IBM App Connect Enterprise contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs CVE-2023-40682. Vulnerability Details CVEID:CVE-2023-40682 DESCRIPTION: IBM App Connect Enterprise contains an unspecified vulnerability...

4.4CVSS4.2AI score0.00179EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/01/12 11:53 p.m.49 views

Html Macros should respect authenticated user based on allowlist API

Gadgets have moved to use whitelist.isAllowedURI, Userkey to give more controls to admins to whether allow anonymous users or not. More details on the whitelist API changes can be found here: https://asecurityteam.atlassian.net/browse/VULN-217900 We had to enable the old behaviour of...

0.4AI score
Exploits0Affected Software1
Rapid7 Blog
Rapid7 Blog
added 2020/11/10 2:22 p.m.100 views

SaltStack Pre-Authenticated Remote Root (CVE-2020-16846 and CVE-2020-25592): What You Need to Know

What’s up? We start the November critical vulnerability season with a pair of CVEs—CVE-2020-16846 and CVE-2020-25592—that, when combined, can result in unauthenticated remote root access on a target system. SaltStack developers disclosed these weaknesses on Nov. 3, 2020 and have released patches...

7.5CVSS1AI score0.99585EPSS
Exploits29
Rows per page
Query Builder