CVE-2025-33136

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data...

IBM Aspera Faspex 安全漏洞

IBM Aspera Faspex is an International Business Machines IBM solution for rapid global person-to-person file delivery and collaboration. A security vulnerability exists in IBM Aspera Faspex versions 5.0.0 through 5.0.12, which stems from improper protection of presumably immutable data and could...

CVE-2024-9876 Application is vulnerable to Privilege escalation

: Modification of Assumed-Immutable Data MAID vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4...

ABB多款产品 安全漏洞

ABB ANC ABB Adaptive Noise Cancellation and others are products of ABB Switzerland.ABB ANC is an industrial grade adaptive noise cancellation system for real-time cancellation of specific frequency band noise generated by equipment such as motors/transformers.ABB ANC-L ABB Active Noise Control-...

A Blockchain-Based Approach for Secure and Transparent E-Faktur Issuance in Indonesia'S VAT Reporting System

The implementation of blockchain technology in tax administration offers promising improvements in security, transparency, and efficiency. This paper presents the design of a blockchain-based e-Faktur system aimed at addressing the challenges of issuing and verifying tax invoices within Indonesia...

The vulnerability of the One Identity Manager’s control mechanism for user identification, access rights, and security policies, related to the insecure direct object reference (IDOR), allows attackers to escalate their privileges.

The vulnerability of the User Identification, Access Rights, and Security Policies management tool, One Identity Manager, is related to an insecure direct reference to an object IDOR due to a bypass of authentication using data that are assumed to be immutable. Exploiting this vulnerability can...

Apache HugeGraph 安全漏洞

Apache HugeGraph is a fast and scalable graph database from the Apache USA Foundation. A security vulnerability exists in Apache HugeGraph version 1.0.0 through versions prior to 1.5.0, which stems from the presence of an assumed immutable data vulnerability that could allow an attacker to bypass...

CVE-2023-43697

Modification of Assumed-Immutable Data MAID in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests...

Design/Logic Flaw

Modification of Assumed-Immutable Data MAID in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests...

CVE-2023-43697

Modification of Assumed-Immutable Data MAID in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests...

CVE-2023-4669

Authentication Bypass by Assumed-Immutable Data vulnerability in Exagate SYSGuard 3001 allows Authentication Bypass.This issue affects SYSGuard 3001: before 3.2.20.0...

CVE-2023-4669

Authentication Bypass by Assumed-Immutable Data vulnerability in Exagate SYSGuard 3001 allows Authentication Bypass. This issue affects SYSGuard 3001: before 3.2.20.0...

CVE-2023-4669 Authentication Bypass in Exagate SYSGuard 3001

Authentication Bypass by Assumed-Immutable Data vulnerability in Exagate SYSGuard 3001 allows Authentication Bypass. This issue affects SYSGuard 3001: before 3.2.20.0...

CVE-2023-4669 Authentication Bypass in Exagate SYSGuard 3001

Authentication Bypass by Assumed-Immutable Data vulnerability in Exagate SYSGuard 3001 allows Authentication Bypass. This issue affects SYSGuard 3001: before 3.2.20.0...

PT-2023-30161

Name of the Vulnerable Software and Affected Versions Exagate SYSGuard 3001 versions prior to 3.2.20.0 Description The issue is related to an Authentication Bypass by Assumed-Immutable Data vulnerability, which allows for authentication bypass. This vulnerability affects Exagate SYSGuard 3001...

GHSA-F5X6-7QGP-JHF3 ecrecover can return undefined data if signature does not verify

Impact the ecrecover precompile does not fill the output buffer if the signature does not verify, see https://github.com/ethereum/go-ethereum/blob/b058cf454b3bdc7e770e2b3cec83a0bcb48f55ee/core/vm/contracts.goL188. however, the ecrecover builtin will still return whatever is at memory location 0...

CVE-2022-3875

A vulnerability classified as critical was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This vulnerability affects unknown code of the component API. The manipulation leads to authentication bypass by assumed-immutable data. The attack can be initiated remotely...

CVE-2022-3875 Click Studios Passwordstate API authentication bypass by assumed-immutable data

A vulnerability classified as critical was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This vulnerability affects unknown code of the component API. The manipulation leads to authentication bypass by assumed-immutable data. The attack can be initiated remotely...

Siemens SINEMA Remote Connect Server

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Remote Connect Server Vulnerabilities: Modification of Assumed-Immutable Data, Improper Access Control, Exposure of Sensitive Information to an Unauthorized Actor, Improper...

CVE-2020-24516

Modification of assumed-immutable data in subsystem in IntelR CSME versions before 13.0.47, 13.30.17, 14.1.53, 14.5.32, 15.0.22 may allow an unauthenticated user to potentially enable escalation of privilege via physical access...