12 matches found
CVE-2026-9831
A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issu...
CVE-2026-9831 ExtremeCloud IQ Cross Tenant Data Exposure via Extreme Platform One Authentication Race Condition
A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issu...
PT-2026-44998
Name of the Vulnerable Software and Affected Versions ExtremeCloud IQ affected versions not specified Description A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path can intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued AP...
CVE-2026-0689
In ExtremeCloud IQ – Site Engine XIQ‑SE before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface, the application returns th...
CVE-2026-0689
In ExtremeCloud IQ – Site Engine XIQ‑SE before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface, the application returns th...
CVE-2026-0689
Affected product/versions: ExtremeCloud IQ – Site Engine (XIQ‑SE) before 26.2.10. Vulnerable component: NAC administration interface. Root cause / flaw: Authenticated NAC admin requests return underlying credential values in HTTP responses while UI shows redacted values, enabling recovery of stor...
CVE-2026-0689 XIQ‑SE NAC Admin Credential Exposure via HTTP Response
In ExtremeCloud IQ – Site Engine XIQ‑SE before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface, the application returns th...
CVE-2026-0689 XIQ‑SE NAC Admin Credential Exposure via HTTP Response
In ExtremeCloud IQ – Site Engine XIQ‑SE before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface, the application returns th...
EUVD-2026-9177
In ExtremeCloud IQ – Site Engine XIQ‑SE before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface, the application returns th...
PT-2026-22608
Name of the Vulnerable Software and Affected Versions ExtremeCloud IQ – Site Engine XIQ‑SE versions prior to 26.2.10 Description A flaw exists in the NAC administration interface that allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. While...
Extreme Networks Extreme ExtremeCloud IQ Site Engine 信息泄露漏洞
Extreme Networks ExtremeCloud IQ Site Engine Extreme Networks XIQ-SE is a site engine from Extreme Networks, Inc. providing end-to-end management of wired and wireless devices from the edge to the data center and across multi-vendor environments. A security vulnerability exists in Extreme Network...
Extreme Networks Extreme ExtremeCloud IQ Site Engine 路径遍历漏洞
Extreme Networks ExtremeCloud IQ Site Engine Extreme Networks XIQ-SE is a site engine from Extreme Networks, Inc. providing end-to-end management of wired and wireless devices from the edge to the data center and across multi-vendor environments. A path traversal vulnerability exists in Extreme...