325 matches found
GHSA-W8FP-3GWQ-GXPW Concrete CMS vulnerable to Cross-site Request Forgery
Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth...
Cross site request forgery (csrf)
Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth...
PortlandLabs Concrete CMS 跨站请求伪造漏洞
PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. Concrete CMS suffers from a security vulnerability that stems from a lack of state parameters in the external authentication service, which makes it susceptible to CSRF...
PT-2022-27009 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS affected versions not specified Description: The issue is related to a lack of the State parameter for the external Concrete authentication service, specifically affecting users who utilize the "out of the box" core OAuth. This...
CVE-2022-43693
Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth...
CVE-2022-2572
In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked...
CVE-2022-2572
In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked...
PT-2022-17478 · Unknown · Octopus Server
Name of the Vulnerable Software and Affected Versions: Octopus Server affected versions not specified Description: The issue concerns Octopus Server versions where access is managed by an external authentication provider. In these versions, it was possible for the API key/keys of a disabled or...
CVE-2022-2572
CVE-2022-2572 affects Octopus Server when authentication is managed by an external provider. The issue: API keys of disabled/deleted users remain valid after access is revoked, enabling potential unauthorized use. Documented impact is high (CVSS 3.1: CRITICAL, 9.8), with network attack vector, no...
CVE-2022-2572
In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked...
Security Bulletin: Application not signed properly in IBM Sterling External Authentication Server (CVE-2013-0521)
Abstract IBM Sterling External Authentication Server is vulnerable to running untrusted code. Content VULNERABILITY DETAILS CVE ID: CVE-2013-0521 DESCRIPTION: Java Webstart App is not signed correctly The IBM Sterling External Authentication Server Webstart GUI is signed with a self-signed...
Security Bulletin: Multiple security vulnerabilities addressed in IBM Sterling External Authentication Server (CVE-2013-0514, CVE-2013-0517)
Abstract IBM Sterling External Authentication Server is vulnerable to code execution and information disclosure attacks. Content VULNERABILITY DETAILS CVE ID: CVE-2013-0517 DESCRIPTION: OS Command Execution via Command Line Adapter Application allows the administrator to configure an OS command t...
Security Bulletin: Multiple JRE vulnerabilities addressed in IBM Sterling External Authentication Server (CVE-2013-1571, CVE-2013-1500, CVE-2013-0443, CVE-2013-0440, CVE-2013-0169)
Abstract The IBM JRE embedded in the IBM Sterling External Authentication Server has security vulnerabilities in its Javadoc, and in SSL connections to the configuration GUI. Content VULNERABILITY DETAILS CVE ID: CVE-2013-1571 DESCRIPTION: The Javadoc documentation generated for the Sterling...
CVE-2022-36093
XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2...
CVE-2022-36093 XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard
XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2...
CVE-2022-20914
A vulnerability in the External RESTful Services ERS API of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this...
CVE-2022-20914 Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability
A vulnerability in the External RESTful Services ERS API of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this...
CVE-2022-20914
A vulnerability in the External RESTful Services ERS API of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this...
Security Bulletin: IBM Secure External Authentication Server is vulnerable to multiple issues due to Eclipse Jetty
Summary Eclipse Jetty has reported multiple vulnerabilities. IBM Secure External Authentication Server has addressed the applicable vulnerabilities. Vulnerability Details CVEID:CVE-2022-2047 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions,...
Cisco Email Security Appliance External Authentication Bypass (cisco-sa-sma-esa-auth-bypass-66kEcxQD)
A vulnerability in the external authentication functionality of Email Security Appliance could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device. This vulnerability is due to improper authentication checks when an...