Lucene search
K

27 matches found

CNNVD
CNNVD
added 2022/01/11 12:0 a.m.4 views

Tibco Eftl 信息泄露漏洞

Tibco Eftl is an add-on to Tibco Ftl and Tibco Enterprise Message Service™ from Tibco USA, Inc. Extending Tibco Ftl® messaging to platforms such as Web browsers and mobile devices, TIBCO eFTL is vulnerable to information disclosure, which can be exploited by a low privilege attacker with network...

8.8CVSS5.7AI score0.00746EPSS
Exploits0References4
NVD
NVD
added 2021/07/13 11:15 a.m.24 views

CVE-2021-33709

A vulnerability has been identified in Teamcenter Active Workspace V4 All versions V4.3.9, Teamcenter Active Workspace V5.0 All versions V5.0.7, Teamcenter Active Workspace V5.1 All versions V5.1.4. By sending malformed requests, a remote attacker could leak an application token due to an error n...

4.3CVSS0.00897EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/07/13 11:3 a.m.22 views

CVE-2021-33709

A vulnerability has been identified in Teamcenter Active Workspace V4 All versions V4.3.9, Teamcenter Active Workspace V5.0 All versions V5.0.7, Teamcenter Active Workspace V5.1 All versions V5.1.4. By sending malformed requests, a remote attacker could leak an application token due to an error n...

4.8AI score0.00897EPSS
Exploits0References1
CVE
CVE
added 2021/07/13 11:3 a.m.40 views

CVE-2021-33709

CVE-2021-33709 affects Siemens Teamcenter Active Workspace: v4 (all versions < 4.3.9), v5.0 (< 5.0.7), and v5.1 (

4.3CVSS4.4AI score0.00897EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/05/05 10:15 p.m.17 views

Design/Logic Flaw

In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. The response contains: - All apitokens which can be used to do privileges escalations or read/update/delete data normally non...

6CVSS6.8AI score0.01038EPSS
Exploits0References3Affected Software2
UbuntuCve
UbuntuCve
added 2020/05/05 10:15 p.m.34 views

CVE-2020-11033

In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. The response contains: - All apitokens which can be used to do privileges escalations or read/update/delete data normally non...

7.2CVSS7AI score0.01038EPSS
Exploits0References2
CVE
CVE
added 2020/05/05 9:15 p.m.113 views

CVE-2020-11033

CVE-2020-11033 affects GLPI 9.1 up to before 9.4.6. An API user with READ on the User itemtype could query apirest.php/User and obtain the full user list, including all api_tokens (privilege escalation) and personal_tokens (inter-user planning). Exploitation requires the API to be enabled and a t...

7.2CVSS6.5AI score0.01038EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder