
1080 matches found

Prion
added 2024/02/02 2:15 p.m. · 18 views

Design/Logic Flaw

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267...

CVSS 5.8 · AI score 6.7 · EPSS 0.0004
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2024/02/02 1:22 p.m. · 78 views

CVE-2023-47142

CVE-2023-47142 affects IBM Tivoli Application Dependency Discovery Manager (TADDM) versions 7.3.0.0 through 7.3.0.10. The root cause is unauthorized API access, allowing an attacker on the local network to escalate privileges. Remediation per IBM is to upgrade to FixPack 7.3.0.11 (7.3-TIV-ITADDM-...

CVSS 8.8 · AI score 7.5 · EPSS 0.0004
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2024/02/02 1:22 p.m. · 21 views

CVE-2023-47142 IBM Tivoli Application Dependency Discovery Manager privilege escalation

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267...

CVSS 7.5 · AI score 8.3 · EPSS 0.0004
Exploits: 0 · References: 2

Vulnrichment
added 2024/02/02 1:22 p.m. · 13 views

CVE-2023-47142 IBM Tivoli Application Dependency Discovery Manager privilege escalation

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267...

CVSS 7.5 · AI score 6.4 · EPSS 0.0004
Exploits: 0 · References: 2

Positive Technologies
added 2024/02/02 12:0 a.m. · 3 views

PT-2024-15913 · WordPress · Anonymous Restricted Content

Name of the Vulnerable Software and Affected Versions: Anonymous Restricted Content plugin for WordPress versions up to, and including, 1.6.2 Description: The issue is due to insufficient restrictions through the REST API on protected posts and pages, allowing unauthenticated attackers to access...

CVSS 7.5 · AI score 7.8 · EPSS 0.00465
Exploits: 0 · References: 9

CNNVD
added 2024/02/02 12:0 a.m. · 2 views

IBM Tivoli Application Dependency Discovery Manager Permissions, Privileges, and Access Control Vulnerability

IBM Tivoli Application Dependency Discovery Manager (TADDM) is a product in the suite of IT service management solutions from International Business Machines (IBM). The product provides robust automated application mapping and discovery to help administrators understand the structure, state,...

CVSS 8.8 · AI score 7 · EPSS 0.0004
Exploits: 0 · References: 3

IBM Security Bulletins
added 2024/01/22 7:2 p.m. · 40 views

Security Bulletin: IBM Tivoli Application Dependency Discovery Manager affected by multiple vulnerabilities.

Summary IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial of service due to multiple vulnerabilities. Vulnerability Details CVEID:CVE-2023-47143 DESCRIPTION: IBM Tivoli Application Dependency Discovery Manager is vulnerable to HTTP header injection, caused by improper...

CVSS 10 · AI score 7.2 · EPSS 0.00151
Exploits: 0 · Affected Software: 1

RedHat Linux
added 2024/01/17 1:54 p.m. · 3 views

OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

CVSS 5.9 · AI score 7.2 · EPSS 0.00156
Exploits: 0 · References: 5

NCSC
added 2023/12/22 12:0 a.m. · 4 views

Vulnerability fixed in IBM Informix

IBM has fixed a vulnerability in the JDBC driver of Informix. A malicious person with rights to use the API can exploit the vulnerability to execute arbitrary code with the permissions of the application using the JDBC driver. Because it cannot be estimated with what permissions...

CVSS 9.8 · AI score 7.8 · EPSS 0.00219
Exploits: 0

OSV
added 2023/12/05 3:15 a.m. · 2 views

CVE-2023-42581

Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data...

CVSS 7.5 · AI score 5.8 · EPSS 0.00291
Exploits: 0 · References: 1

CVE
added 2023/11/30 12:0 a.m. · 37 views

CVE-2023-46326

CVE-2023-46326 affects ZStack Cloud

CVSS 8.8 · AI score 8.7 · EPSS 0.00381
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2023/11/22 12:0 a.m. · 4 views

PT-2023-32525 · M Files · M-Files Server

Name of the Vulnerable Software and Affected Versions: M-Files server versions prior to 23.11.13156.0 Description: A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the Rest API methods of the M-Files server, which allows attackers to execute...

CVSS 7.5 · AI score 7.5 · EPSS 0.00155
Exploits: 0 · References: 4

OSV
added 2023/11/17 1:15 p.m. · 2 views

CVE-2023-44324

Adobe FrameMaker Publishing Server versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An unauthenticated attacker can abuse this vulnerability to access the API and leak default admin's password. Exploitation of this...

CVSS 9.8 · AI score 5.8 · EPSS 0.00221
Exploits: 0 · References: 1

NVD
added 2023/11/17 1:15 p.m. · 13 views

CVE-2023-44324

Adobe FrameMaker Publishing Server versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An unauthenticated attacker can abuse this vulnerability to access the API and leak default admin's password. Exploitation of this...

CVSS 9.8 · EPSS 0.00221
Exploits: 0 · References: 1

Positive Technologies
added 2023/11/15 12:0 a.m. · 2 views

PT-2023-7163 · Adobe · Framemaker Publishing Server

Name of the Vulnerable Software and Affected Versions: Adobe FrameMaker Publishing Server versions 2022 and earlier Description: The issue is related to an improper authentication vulnerability that could result in a security feature bypass. An unauthenticated attacker can exploit this to access...

CVSS 10 · AI score 9.3 · EPSS 0.00221
Exploits: 0 · References: 9

CNNVD
added 2023/11/14 12:0 a.m. · 1 views

MikroTik RouterOS Security Vulnerability

MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed in PCs to enable them to provide router functionality. A security vulnerability exists in MikroTik RouterOS versions v7.1 through 7.11 that stems from the presence of a...

CVSS 5.3 · AI score 6.7 · EPSS 0.00056
Exploits: 1 · References: 2

Redos
added 2023/11/09 12:0 a.m. · 26 views

ROS-20231109-02

Vulnerability in GLPI's request and incident handling system is related to information disclosure. Exploitation of the vulnerability could allow a remote attacker to obtain user logins. GLPI request and incident handling system vulnerability related to the lack of path filtering by...

CVSS 9.8 · AI score 7.8 · EPSS 0.09435
Exploits: 0

Positive Technologies
added 2023/10/24 12:0 a.m. · 2 views

PT-2023-29831 · Lenovo · Thinksystem

Name of the Vulnerable Software and Affected Versions: ThinkSystem versions v2 and v3 Description: An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. Recommendations: For ThinkSystem versions v2 and v3, consider...

CVSS 7.2 · AI score 7.2 · EPSS 0.00095
Exploits: 0 · References: 4

PyPA
added 2023/10/23 7:15 p.m. · 5 views

PYSEC-2023-218

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuratio...

CVSS 4.3 · AI score 6.5 · EPSS 0.00482
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2023/09/27 3:19 p.m. · 1 views

UBUNTU-CVE-2023-41321

GLPI (Gestionnaire Libre de Parc Informatique) is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing. An API user can enumerate sensitive field values on resources to which they have read access. Users are...

CVSS 6.5 · AI score 5.8 · EPSS 0.00296
Exploits: 0 · References: 3