Lucene search
+L

325 matches found

OSV
OSV
added 2022/11/14 7:0 p.m.25 views

GHSA-W8FP-3GWQ-GXPW Concrete CMS vulnerable to Cross-site Request Forgery

Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth...

8.8CVSS8.8AI score0.0044EPSS
Exploits0References7
Prion
Prion
added 2022/11/14 5:15 p.m.13 views

Cross site request forgery (csrf)

Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth...

6.8CVSS8.8AI score0.0044EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2022/11/14 12:0 a.m.28 views

PortlandLabs Concrete CMS 跨站请求伪造漏洞

PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. Concrete CMS suffers from a security vulnerability that stems from a lack of state parameters in the external authentication service, which makes it susceptible to CSRF...

8.8CVSS7.9AI score0.0044EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.9 views

PT-2022-27009 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS affected versions not specified Description: The issue is related to a lack of the State parameter for the external Concrete authentication service, specifically affecting users who utilize the "out of the box" core OAuth. This...

8.8CVSS7.1AI score0.0044EPSS
Exploits0References13
OSV
OSV
added 2022/11/14 12:0 a.m.14 views

CVE-2022-43693

Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth...

8.8CVSS8.9AI score0.0044EPSS
Exploits0References7
OSV
OSV
added 2022/11/01 2:15 a.m.4 views

CVE-2022-2572

In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked...

9.8CVSS5.8AI score0.00833EPSS
Exploits0References1
NVD
NVD
added 2022/11/01 2:15 a.m.33 views

CVE-2022-2572

In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked...

9.8CVSS0.00833EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/01 12:0 a.m.9 views

PT-2022-17478 · Unknown · Octopus Server

Name of the Vulnerable Software and Affected Versions: Octopus Server affected versions not specified Description: The issue concerns Octopus Server versions where access is managed by an external authentication provider. In these versions, it was possible for the API key/keys of a disabled or...

9.8CVSS9.4AI score0.00833EPSS
Exploits0References3
CVE
CVE
added 2022/11/01 12:0 a.m.53 views

CVE-2022-2572

CVE-2022-2572 affects Octopus Server when authentication is managed by an external provider. The issue: API keys of disabled/deleted users remain valid after access is revoked, enabling potential unauthorized use. Documented impact is high (CVSS 3.1: CRITICAL, 9.8), with network attack vector, no...

9.8CVSS9.5AI score0.00833EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/11/01 12:0 a.m.38 views

CVE-2022-2572

In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked...

9.8AI score0.00833EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 3:31 a.m.23 views

Security Bulletin: Application not signed properly in IBM Sterling External Authentication Server (CVE-2013-0521)

Abstract IBM Sterling External Authentication Server is vulnerable to running untrusted code. Content VULNERABILITY DETAILS CVE ID: CVE-2013-0521 DESCRIPTION: Java Webstart App is not signed correctly The IBM Sterling External Authentication Server Webstart GUI is signed with a self-signed...

7.8CVSS5.4AI score0.05044EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 11:13 p.m.27 views

Security Bulletin: Multiple security vulnerabilities addressed in IBM Sterling External Authentication Server (CVE-2013-0514, CVE-2013-0517)

Abstract IBM Sterling External Authentication Server is vulnerable to code execution and information disclosure attacks. Content VULNERABILITY DETAILS CVE ID: CVE-2013-0517 DESCRIPTION: OS Command Execution via Command Line Adapter Application allows the administrator to configure an OS command t...

7.8CVSS6.4AI score0.05044EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 9:6 p.m.26 views

Security Bulletin: Multiple JRE vulnerabilities addressed in IBM Sterling External Authentication Server (CVE-2013-1571, CVE-2013-1500, CVE-2013-0443, CVE-2013-0440, CVE-2013-0169)

Abstract The IBM JRE embedded in the IBM Sterling External Authentication Server has security vulnerabilities in its Javadoc, and in SSL connections to the configuration GUI. Content VULNERABILITY DETAILS CVE ID: CVE-2013-1571 DESCRIPTION: The Javadoc documentation generated for the Sterling...

7.8CVSS7.9AI score0.66817EPSS
Exploits4
NVD
NVD
added 2022/09/08 6:15 p.m.47 views

CVE-2022-36093

XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2...

8.5CVSS0.00687EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/09/08 5:25 p.m.52 views

CVE-2022-36093 XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard

XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2...

8.5CVSS8.7AI score0.00687EPSS
Exploits0References3
OSV
OSV
added 2022/08/10 9:15 a.m.6 views

CVE-2022-20914

A vulnerability in the External RESTful Services ERS API of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this...

4.9CVSS5.8AI score0.00831EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/08/10 8:11 a.m.30 views

CVE-2022-20914 Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability

A vulnerability in the External RESTful Services ERS API of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this...

4.9CVSS5.5AI score0.00831EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/08/03 11:0 p.m.7 views

CVE-2022-20914

A vulnerability in the External RESTful Services ERS API of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this...

4.9CVSS5.9AI score0.00831EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/29 5:36 p.m.71 views

Security Bulletin: IBM Secure External Authentication Server is vulnerable to multiple issues due to Eclipse Jetty

Summary Eclipse Jetty has reported multiple vulnerabilities. IBM Secure External Authentication Server has addressed the applicable vulnerabilities. Vulnerability Details CVEID:CVE-2022-2047 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions,...

7.5CVSS6.9AI score0.99298EPSS
Exploits6Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/07/27 12:0 a.m.32 views

Cisco Email Security Appliance External Authentication Bypass (cisco-sa-sma-esa-auth-bypass-66kEcxQD)

A vulnerability in the external authentication functionality of Email Security Appliance could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device. This vulnerability is due to improper authentication checks when an...

9.8CVSS8.7AI score0.01427EPSS
Exploits0References3
Rows per page
Query Builder