27 matches found
Tibco Eftl 信息泄露漏洞
Tibco Eftl is an add-on to Tibco Ftl and Tibco Enterprise Message Service™ from Tibco USA, Inc. Extending Tibco Ftl® messaging to platforms such as Web browsers and mobile devices, TIBCO eFTL is vulnerable to information disclosure, which can be exploited by a low privilege attacker with network...
CVE-2021-33709
A vulnerability has been identified in Teamcenter Active Workspace V4 All versions V4.3.9, Teamcenter Active Workspace V5.0 All versions V5.0.7, Teamcenter Active Workspace V5.1 All versions V5.1.4. By sending malformed requests, a remote attacker could leak an application token due to an error n...
CVE-2021-33709
A vulnerability has been identified in Teamcenter Active Workspace V4 All versions V4.3.9, Teamcenter Active Workspace V5.0 All versions V5.0.7, Teamcenter Active Workspace V5.1 All versions V5.1.4. By sending malformed requests, a remote attacker could leak an application token due to an error n...
CVE-2021-33709
CVE-2021-33709 affects Siemens Teamcenter Active Workspace: v4 (all versions < 4.3.9), v5.0 (< 5.0.7), and v5.1 (
Design/Logic Flaw
In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. The response contains: - All apitokens which can be used to do privileges escalations or read/update/delete data normally non...
CVE-2020-11033
In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. The response contains: - All apitokens which can be used to do privileges escalations or read/update/delete data normally non...
CVE-2020-11033
CVE-2020-11033 affects GLPI 9.1 up to before 9.4.6. An API user with READ on the User itemtype could query apirest.php/User and obtain the full user list, including all api_tokens (privilege escalation) and personal_tokens (inter-user planning). Exploitation requires the API to be enabled and a t...