3856 matches found
Cross-Site Scripting (XSS)
css-validator is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via the URL when an error message is displayed...
With Pre-Auth policy in place, users get “Error: Not a privilege User” after logging in
From client machine: Access website. EPA kicks in and successful EPA response. Got the login page. Two factor. Enter the Username and password. Got an error “Not a privilege user” and stuck at /cgi/login...
CVE-2020-4532
IBM Business Automation Workflow and IBM Business Process Manager IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in...
CVE-2020-9296
Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passe...
Server-Side Request Forgery (SSRF)
An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. The login page is vulnerable to Server-Side Request Forgery (SSRF) that allows use of the application as a proxy. Sent to an external server, a forged request discloses application credentials. For a request to ...
Malicious Code Injection
guvnor-m2repo-editor-backend is vulnerable to malicious code injection. The attacker can inject arbitrary code by uploading a pom.xml with errors to business central using Artifact Repository as the upload function shows the error message in an HTML mode...
App Layering 2001: Can't Finalize Layer - An error occurred while finalizing version '1.7' of Layer 'Windows 10 1909 German'
After installing the latest Cumulative Update, Cannot finalize the Version. Getting Error Message: An error occurred while finalizing version '1.7' of Layer 'Windows 10 1909 German'...
Veeam Guest Catalog Service does not start after upgrade
Challenge: After a consecutive upgrade of Veeam Backup & Replication and Enterprise Manager to a newer version, VeeamCatalogSvc fails to start if the EM database is located on a remote server. Cause: The account that is used to start VeeamCatalogSVC might not have access to the Veeam Enterprise...
CVE-2020-4248
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175484...
Information disclosure
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175484...
Information disclosure
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178761...
CVE-2020-4357
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178761...
Security Bulletin: IBM Spectrum Scale GUI is affected by verbose error message (CVE-2020-4357)
Summary: A security vulnerability has been identified in all levels of IBM Spectrum Scale GUI. A fix for this vulnerability is available. Vulnerability Details: CVEID: CVE-2020-4357. DESCRIPTION: IBM Spectrum Scale could allow a remote attacker to obtain sensitive information when a detailed technic...
Error "No Apps available at this time" on workspace for iOS app after upgrading to ADC 13.0 build 52.24
After upgrading ADC to version 13.0 build 52.24, the iOS Workspace App misbehaves by presenting a longer form than usual and the error "No Apps available at this time" on login...
CVE-2019-18865
Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames...
Information disclosure
Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames...
Topcoder: Reflected XSS on https://apps.topcoder.com/wiki/page/
Summary: Hi : A reflected XSS occurs on https://apps.topcoder.com/wiki/pages/doeditattachment.action when editing wiki pages attachments. Steps To Reproduce: A user can add attachments on https://apps.topcoder.com/wiki/pages/viewpageattachments.action?pageId=165871793 a wiki page and can edit on...
WEM Agent hung sporadically by logon on "application processing"
WEM Agent 1906 sporadically hung after few logins at "application processing". just logoff and logon helps. Client OS: Citrix Virtual Apps Server with Windows Server 2016 latest Updates Error Message in the Event Log: Error while Configuring Registry Security for DOMAIN\test1 Source: Norskale Age...
CVE-2019-4729
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 172519...