2 matches found
CVE-2023-28640
Summary: CVE-2023-28640 affects Apiman. A missing permissions check allowed an authenticated Apiman Manager user to access API keys they should not Permissions by guessing a URL that includes Organisation ID, Client ID, and Client Version. This is not trivial but possible via brute-forcing or gue...
CVE-2023-28640 Permissions bypass in Apiman could enable authenticated attacker to unpermitted API Key
Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client...