38 matches found
CVE-2024-53865 Python package "zhmcclient" has passwords in clear text in its HMC and API logs
zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. In affected versions the Python package "zhmcclient" writes password-like properties in clear text into its HMC and API logs in the following cases: 1. The 'boot-ftp-password' and 'ssc-master-pw' properties when creati...
CVE-2024-53865 Python package "zhmcclient" has passwords in clear text in its HMC and API logs
zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. In affected versions the Python package "zhmcclient" writes password-like properties in clear text into its HMC and API logs in the following cases: 1. The 'boot-ftp-password' and 'ssc-master-pw' properties when creati...
CVE-2024-53865
CVE-2024-53865 affects the Python package zhmcclient, a client library for IBM Z HMC Web Services API. The issue is that in affected versions, password-like properties are written in clear text to API and HMC logs in several operations: boot-ftp-password and ssc-master-pw when creating/updating p...
CVE-2024-41959 Cross-site Scripting (XSS) via API Logs in mailcow: dockerized
mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API logs page is viewed, potentially allowing an attacker to run malicious scripts in the context of th...
CVE-2024-41959 Cross-site Scripting (XSS) via API Logs in mailcow: dockerized
mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API logs page is viewed, potentially allowing an attacker to run malicious scripts in the context of th...
CVE-2024-41959 Cross-site Scripting (XSS) via API Logs in mailcow: dockerized
mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API logs page is viewed, potentially allowing an attacker to run malicious scripts in the context of th...
CVE-2024-41959
CVE-2024-41959 affects mailcow: dockerized. An unauthenticated attacker can inject a JavaScript payload into the API logs, which is executed when the API logs page is viewed. This can enable malicious scripts to run in the user’s browser, potentially leading to unauthorized actions and data theft...
IBM App Connect Enterprise Information Disclosure Vulnerability
IBM App Connect Enterprise is an operating system from International Business Machines IBM, Inc. that combines existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud native IBM App Connect Enterprise combines existing industry-trusted IBM...
CVE-2023-40682
IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833...
CVE-2023-40682
IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833...
Design/Logic Flaw
IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833...
CVE-2023-40682 IBM App Connect Enterprise information disclosure
IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833...
CVE-2023-40682 IBM App Connect Enterprise information disclosure
IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833...
CVE-2023-40682
CVE-2023-40682 affects IBM App Connect Enterprise versions 12.0.1.0 through 12.0.8.0 and describes an unspecified vulnerability enabling a local privileged user to obtain sensitive information from API logs. Multiple connected sources corroborate the affected product and the information-disclosur...
PT-2023-27598 · Ibm · Ibm App Connect Enterprise
Name of the Vulnerable Software and Affected Versions: IBM App Connect Enterprise versions 12.0.1.0 through 12.0.8.0 Description: The issue allows a local privileged user to obtain sensitive information from API logs. Recommendations: For IBM App Connect Enterprise versions 12.0.1.0 through...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a potential information disclosure
Summary IBM App Connect Enterprise contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs CVE-2023-40682. Vulnerability Details CVEID:CVE-2023-40682 DESCRIPTION: IBM App Connect Enterprise contains an unspecified vulnerability...
Html Macros should respect authenticated user based on allowlist API
Gadgets have moved to use whitelist.isAllowedURI, Userkey to give more controls to admins to whether allow anonymous users or not. More details on the whitelist API changes can be found here: https://asecurityteam.atlassian.net/browse/VULN-217900 We had to enable the old behaviour of...
SaltStack Pre-Authenticated Remote Root (CVE-2020-16846 and CVE-2020-25592): What You Need to Know
What’s up? We start the November critical vulnerability season with a pair of CVEs—CVE-2020-16846 and CVE-2020-25592—that, when combined, can result in unauthenticated remote root access on a target system. SaltStack developers disclosed these weaknesses on Nov. 3, 2020 and have released patches...