10 matches found
Unsolved Challenge: Why API Access Control Vulnerabilities Remain a Major Security Risk
Despite advancements in API security, access control vulnerabilities, such as broken object-level authentication (BOLA) and broken function-level authentication (BFLA), remain almost impossible to detect. This blog will explore why these vulnerabilities are so difficult to detect, the limitations of...
CVE-2024-20441 Cisco Nexus Dashboard Fabric Controller Unauthorized API Endpoint Vulnerability
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the affected REST API endpoint. An attacker could...
CVE-2023-24029
In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows...
CVE-2019-1667 Cisco HyperFlex Arbitrary Statistics Write Vulnerability
A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by connecting to the...
CVE-2019-1667
CVE-2019-1667 describes a vulnerability in the Graphite interface of Cisco HyperFlex software where an authenticated, local attacker can write arbitrary data to Graphite due to insufficient authorization controls. A successful exploit could cause invalid statistics to be presented in the Graphite...
CVE-2019-1667
A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by connecting to the...
Cisco HyperFlex Arbitrary Statistics Write Vulnerability
A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by connecting to the...
ZTE ADSL ZXV10 W300 Modems - Multiple Vulnerabilities
Exploit Title: ZTE ADSL ZXV10 W300 modems - Multiple vulnerabilities. Discovered by: Karn Ganeshen. Vendor Homepage: www.zte.com.cn. Versions Reported: W300V2.1.0fER7PEO57 and W300V2.1.0hER7PEO57. CVE-ID: CVE-2015-7257, CVE-2015-7258, CVE-2015-7259...
Cisco Connected Grid Network Management System Privilege Escalation Vulnerability
A vulnerability in the web GUI of Cisco Connected Grid Network Management System could allow an authenticated, remote attacker to perform limited configuration changes while logged in as a user having the Monitor-Only role. The vulnerability is due to insufficient authorization controls. An...
Cisco MediaSense Search and Play Authorization Vulnerability
A vulnerability in the Search and Play interface of Cisco MediaSense could allow an authenticated, remote attacker to access recordings in the Search and Play interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by accessing the...