
160 matches found

Cvelist
added 2023/01/28 1:23 a.m. · 22 views

CVE-2023-23629 Metabase subject to Improper Privilege Management

Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, recipients of dashboards subscriptions can view the data as seen by the creator of that subscription. This allows someone with greater access to data to create a...

6.3 CVSS · 6.4 AI score · 0.00378 EPSS
Exploits: 0 · References: 1
CVE
added 2023/01/28 1:23 a.m. · 78 views

CVE-2023-23629

Metabase (open-source analytics platform) is affected by CVE-2023-23629 due to Improper Privilege Management in dashboard subscriptions. The issue allows a user with higher data privileges to create a subscription and add recipients, who then receive data exposed according to the creator’s privil...

6.3 CVSS · 6.2 AI score · 0.00378 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2023/01/28 1:11 a.m. · 81 views

CVE-2023-23628

Metabase information disclosure CVE-2023-23628 affects sandboxed users who view dashboard subscription settings and can see the recipients list when another user added recipients. Root cause is an exposure of user data to unauthorized actors within the application. Impact is restricted to viewing...

5.7 CVSS · 4.3 AI score · 0.00438 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2023/01/28 1:11 a.m. · 26 views

CVE-2023-23628 Metabase subject to Exposure of Sensitive Information to an Unauthorized Actor

Metabase is an open source data analytics platform. Affected versions are subject to Exposure of Sensitive Information to an Unauthorized Actor. Sandboxed users shouldn't be able to view data about other Metabase users anywhere in the Metabase application. However, when a sandbox user views the...

5.7 CVSS · 4.8 AI score · 0.00438 EPSS
Exploits: 0 · References: 3
CNNVD
added 2023/01/28 12:0 a.m. · 3 views

Metabase Information Disclosure Vulnerability

Metabase is an open source data analytics platform from Metabase Inc. Metabase is vulnerable to an information disclosure vulnerability that stems from exposing sensitive information to an unauthorized user. No details of the vulnerability are currently available...

5.7 CVSS · 6.2 AI score · 0.00438 EPSS
Exploits: 0 · References: 2
CNNVD
added 2023/01/28 12:0 a.m. · 4 views

Metabase Security Vulnerability

Metabase is an open source data analytics platform from the US-based Metabase Inc. Metabase has a security vulnerability that stems from incorrect privilege management...

6.3 CVSS · 6.4 AI score · 0.00378 EPSS
Exploits: 0 · References: 2
Imperva Blog
added 2022/10/20 1:28 p.m. · 27 views

The Four-Step Approach to Modernizing Your DAM Strategy

Effective data security is critical to an organization's success and requires a strategy that aligns with the company’s objectives and those of its stakeholders. As the data landscape changes, most Database Activity Monitoring (DAM) solutions struggle to meet new data security requirements. The resu...

0.6 AI score
Exploits: 0
Code423n4
added 2022/10/12 12:0 a.m. · 8 views

Set admin emit event with wrong data

Lines of code Vulnerability details Impact emit AdminUpdatedadmin, newAdmin; will emit AdminUpdated with same values. Proof of Concept Tools Used Code analytics Recommended Mitigation Steps store address of admin before...

7 AI score
Exploits: 0
Imperva Blog
added 2022/07/05 1:33 p.m. · 17 views

The Role of the Cybersecurity Leader in 2022

Who does the modern CISO need to be? According to the 2021 Gartner, Inc. Market Guide for Managed Detection and Response Services, the role of the chief information security officer (CISO) has to change in 2022 to combat the ever-evolving modern threat landscape. Eighty-eight percent of company...

7.2 AI score
Exploits: 0
Packet Storm
added 2022/06/27 12:0 a.m. · 374 views

WSO2 Management Console Cross Site Scripting

Exploit Title: WSO2 Management Console Multiple Products - Unauthenticated Reflected Cross-Site Scripting XSS Date: 21 Apr 2022 Exploit Author: cxosmo Vendor Homepage: https://wso2.com Software Link: API Manager https://wso2.com/api-manager/, Identity Server https://wso2.com/identity-server/,...

6.1 CVSS · 0.1 AI score · 0.40481 EPSS
Exploits: 5
OSV
added 2022/04/21 2:15 a.m. · 21 views

CVE-2022-29548

A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0,...

6.1 CVSS · 5.9 AI score
Exploits: 0 · References: 3
Prion
added 2022/04/21 2:15 a.m. · 18 views

Cross site scripting

A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0,...

4.3 CVSS · 5.9 AI score · 0.40481 EPSS
Exploits: 5 · References: 3 · Affected Software: 9
CVE
added 2022/04/21 12:0 a.m. · 749 views

CVE-2022-29548

CVE-2022-29548 is a reflected Cross-Site Scripting (XSS) vulnerability in the WSO2 Management Console affecting API Manager and related products (e.g., API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0–3.2.0, 4.0.0; API Manager Analytics; API Microgateway; Data Analytics Server; Enterprise Integrator; IS as...

6.1 CVSS · 5.8 AI score · 0.40481 EPSS
Exploits: 5 · References: 3 · Affected Software: 9
Positive Technologies
added 2022/04/01 12:0 a.m. · 5 views

PT-2022-2550 · Wso2 · Wso2 Identity Server Analytics +8

Name of the Vulnerable Software and Affected Versions: WSO2 API Manager versions 2.2.0 through 4.0.0; WSO2 API Manager Analytics versions 2.2.0 through 2.6.0; WSO2 API Microgateway version 2.2.0; WSO2 Data Analytics Server version 3.2.0; WSO2 Enterprise Integrator versions 6.2.0 through 6.6.0; WSO2 IS...

6.1 CVSS · 5.9 AI score · 0.40481 EPSS
Exploits: 5 · References: 11
The Hacker News
added 2022/03/22 1:4 p.m. · 63 views

Wazuh Offers XDR Functionality at a Price Enterprises Will Love — Free!

Back in 2018, Palo Alto Networks CTO and co-founder Nir Zuk coined a new term to describe the way that businesses needed to approach cybersecurity in the years to come. That term, of course, was extended detection and response (XDR). It described a unified cybersecurity infrastructure that brought...

7.1 AI score
Exploits: 0
The Hacker News
added 2022/01/28 10:48 a.m. · 22 views

How Wazuh Can Improve Digital Security for Businesses

2021 was a year peppered by cyberattacks, with numerous data breaches happening. Not only that, but ransomware has also become a prominent player in the hackers' world. Now, more than ever, it's important for enterprises to step up cybersecurity measures. They can do this through several pieces o...

8 AI score
Exploits: 0
CNVD
added 2022/01/28 12:0 a.m. · 18 views

IBM Security Guardium Insights Input Validation Error Vulnerability

IBM Security Guardium Insights is a data security solution from IBM Corporation. The product supports data analytics, threat alerts, data security auditing and local data monitoring. IBM Security Guardium Insights has an input validation error vulnerability in v3.0, which stems from the fact that...

8.8 CVSS · 2.1 AI score · 0.00766 EPSS
Exploits: 0 · References: 1
HackRead
added 2022/01/03 5:46 p.m. · 9 views

How Data Analytics and AI Solve the Toughest Global Problems

By Waqas. Can technologies combining data analytics and artificial intelligence save the world from its growing problems? This is a post from HackRead.com. Read the original post: How Data Analytics and AI Solve the Toughest Global Problems...

3 AI score
Exploits: 0
GithubExploit
added 2021/11/21 11:38 a.m. · 253 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Metabase

CVE-2021-41277 PoC Metabase is an open source data analytics...

10 CVSS · 8.7 AI score · 0.97178 EPSS
Exploits: 5
OSV
added 2021/11/17 8:15 p.m. · 19 views

CVE-2021-41277

Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being...

7.5 CVSS · 6.3 AI score · 0.97178 EPSS
Exploits: 5 · References: 3