6 matches found
CVE-2023-49565
The cbismanager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Improper sanitization of the HTTP Headers X-FILENAME, X-PAGE, and X-FIELD allows for command injection. These headers are directly utilized within the subprocess.Popen Python function without...
CVE-2023-49564
The CBIS/NCS Manager API is vulnerable to an authentication bypass. By sending a specially crafted HTTP header, an unauthenticated user can gain unauthorized access to API functions. This flaw allows attackers to reach restricted or sensitive endpoints of the HTTP API without providing any valid...
CVE-2023-49564 Authentication Bypass
The CBIS/NCS Manager API is vulnerable to an authentication bypass. By sending a specially crafted HTTP header, an unauthenticated user can gain unauthorized access to API functions. This flaw allows attackers to reach restricted or sensitive endpoints of the HTTP API without providing any valid...
CVE-2023-49564
CVE-2023-49564: The CBIS/NCS Manager API is vulnerable to an authentication bypass. A specially crafted HTTP header from an unauthenticated user can access restricted API functions. Root cause is a weak verification mechanism in the authentication implementation within the Nginx Podman container...
PT-2025-38296
Name of the Vulnerable Software and Affected Versions: CBIS/NCS Manager (affected versions not specified). Description: The CBIS/NCS Manager API is susceptible to an authentication bypass. An unauthenticated user can gain unauthorized access to API functions by sending a specially crafted HTTP header...
PT-2025-38297
Name of the Vulnerable Software and Affected Versions: cbis manager Podman container (affected versions not specified). Description: The cbis manager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Improper sanitization of the HTTP Headers X-FILENAME, X-PAGE,...