9 matches found
CVE-2026-45178 Idira Secrets Manager Self-Hosted: Improper Access Control in Internal Cluster Endpoints
Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial ...
Ambassador API Gateway Diagnostics Sensitive Information Disclosure
Ambassador API Gateway includes a diagnostics portal that provides detailed information about the API Gateway's configuration and operation. If this portal is accessible without proper authentication, it can expose sensitive information such as service mappings, API endpoints, routing...
Apache Geode server security bypass vulnerability
Apache Geode is the Apache Software Foundation's suite of management platforms for distributed cloud architectures that provide real-time and consistent access to data for data-intensive applications. A security vulnerability exists in Apache Geode server versions 1.0.0 through 1.8.0. An attacker...
CVE-2017-15694
When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster...
IBM Storwize V7000 Unified Information Disclosure Vulnerability (CNVD-2018-10565)
IBM Storwize V7000 Unified is a virtualized storage system from IBM USA. The system provides a single point of control over storage resources, automatic optimization of application storage performance, and other features. A security vulnerability exists in the Web management interface in IBM...
Code injection
The IBM Storwize V7000 Unified management Web interface 1.6 exposes internal cluster details to unauthenticated users. IBM X-Force ID: 140398...
CVE-2018-1467
The IBM Storwize V7000 Unified management Web interface 1.6 exposes internal cluster details to unauthenticated users. IBM X-Force ID: 140398...
CVE-2018-1467
CVE-2018-1467 affects IBM Storwize V7000 Unified: the management Web interface 1.6 exposes internal cluster details to unauthenticated users. Affected code releases span 1.6.0.0–1.6.2.3; IBM lists a fix in v1.6.2.4 or later. If details are needed, refer to IBM’s Security Bulletin for the affected...
CoreOS Tectonic Information Disclosure Vulnerability
CoreOS Tectonic is an automated enterprise Kubernetes platform. The platform automates operational tasks, enabling platform portability and multi-cluster management. An information disclosure vulnerability exists in CoreOS Tectonic version 1.7.x before 1.7.9-tectonic.4 and version 1.8.x before...