5 matches found
EUVD-2023-0494
Malicious code in bioql PyPI...
CVE-2023-28640
Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client...
io.apiman:apiman-distro-db (>=1.1.2.Final <=1.2.6.Beta3), io.apiman:apiman-distro-db-es (>=1.1.2.Final <=1.2.6.Beta3) +23 more potentially affected by CVE-2023-28640 via io.apiman:apiman-manager-api-rest-impl (>=1.1.2.Final <=3.0.0.RC6)
io.apiman:apiman-manager-api-rest-impl MAVEN version =1.1.2.Final, =1.1.2.Final, =1.1.2.Final, =1.1.6.Final, =1.2.2.Final, =1.2.2.Final, =1.2.2.Final, =1.1.2.Final, =1.2.1.Final, =1.1.5.Final, =1.1.2.Final, =1.2.2.Final, =1.1.2.Final, =1.1.2.Final, =1.1.2.Final, =1.1.2.Final, =1.2.0.Final and mor...
Apiman vulnerable to permissions bypass due to missing check on API key URL
Impact Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL. The URL includes Organisation ID, Client ID, and Client Version of the targeted non-permitted...
GHSA-M6F8-HJRV-MW5F Apiman vulnerable to permissions bypass due to missing check on API key URL
Impact Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL. The URL includes Organisation ID, Client ID, and Client Version of the targeted non-permitted...