26 matches found
Siemens SIMATIC Devices Channel Accessible by Non-Endpoint (CVE-2023-7008)
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records. This plugin only works with Tenable.ot. Please visit...
The vulnerability of the Veeam Updater, a component of backup and recovery tools such as Veeam Backup for Salesforce, Veeam Backup for Nutanix AHV, and Veeam Backup for AWS, allows a perpetrator to carry out a “man-in-the-middle” attack.
The vulnerability of the Veeam Updater, a component of backup and recovery tools such as Veeam Backup for Salesforce, Veeam Backup for Nutanix AHV, and Veeam Backup for AWS, relates to access to a channel from a non-endpoint location. Exploiting this vulnerability allows a remote attacker to...
The vulnerability of the dashboard interface of the IBM Sterling B2B Integrator software allows a perpetrator to execute a “man-in-the-middle” type attack.
The vulnerability of the dashboard interface of the IBM Sterling B2B Integrator software lies in the ability to access the channel from a non-endpoint location. Exploiting this vulnerability allows an attacker operating remotely to execute a “man-in-the-middle” type attack...
Security Bulletin: Financial Transaction Manager v4 is impacted by multiple vulnerabilities in IBM Java SE
Summary Multiple vulnerabilities were addressed in Financial Transaction Manager v4.0.6.0 iFix4 Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity...
The vulnerability in the web management console of Veeam Backup Enterprise Manager allows a perpetrator to bypass authentication procedures.
The vulnerability of the Veeam Backup Enterprise Manager web management console relates to access to a channel from a non-endpoint location. Exploiting this vulnerability allows a malicious actor to bypass authentication procedures...
Security Bulletin: Multiple vulnerabilities in Java affect IBM Business Automation Workflow - July 2024 CPU
Summary IBM Business Automation Workflow containers package IBM® Java SDK 8 V21.0.3 or IBM® Semeru Runtime 17 V24.0.0. Information about security vulnerabilities in these Java runtimes has been published. IBM Business Automation Workflow includes IBM Java 8. Vulnerability Details...
The vulnerability of platform monitoring systems for events detection, threat detection, and security analytics in IBM QRadar Suite and IBM Cloud Pak for Security lies in the ability to access channels from non-endpoints, allowing attackers to carry out “man-in-the-middle” attacks.
The vulnerabilities of event monitoring platforms, threat detection systems, and security analytics tools from IBM QRadar Suite and IBM Cloud Pak for Security are related to access from a point that is not a final destination. Exploiting these vulnerabilities could allow a remote attacker to carr...
The vulnerability in the implementation of Secure Connections Pairing and Secure Simple Pairing according to the Bluetooth Core Specification allows an attacker to carry out a “man-in-the-middle” attack.
The vulnerability of the Secure Connections Pairing and Secure Simple Pairing implementations in the Bluetooth Core Specification relates to the retrieval of session keys upon accessing a channel from a non-endpoint. Exploiting this vulnerability could allow an attacker to carry out a...
The vulnerability of the Netlogon service in Windows operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Netlogon service in Windows operating systems relates to access to a channel from a non-endpoint location. Exploiting this vulnerability can allow an attacker, working remotely, to gain unauthorized access to protected information...
Multiple vulnerabilities in SoftEther VPN and PacketiX VPN
Overview SoftEther VPN provided by University of Tsukuba SoftEther VPN Project and PacketiX VPN provided by SoftEther Corporation contain multiple vulnerabilities listed below in VPN Client function, and Dynamic DNS Client function included in the VPN server. Heap-based buffer overflow CWE-122 -...
CBOT Chatbot Security Vulnerability
CBOT Chatbot is an AI-powered real-time chat solution from CBOT. A security vulnerability exists in CBOT Chatbot Core prior to v4.0.3.4, Panel prior to v4.0.3.7, which stems from a non-endpoint accessible channel allowing man-in-the-middle attacks...
CVE-2023-2310
A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller RTAC could allow a remote attacker to perform a man-in-the-middle MiTM that could result in denial of service. See the ACSELERATOR RTAC SEL-5033 Software instruction...
Design/Logic Flaw
A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller RTAC could allow a remote attacker to perform a man-in-the-middle MiTM that could result in denial of service. See the ACSELERATOR RTAC SEL-5033 Software instruction...
CVE-2023-2310 Channel Accessible by Non-Endpoint
A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller RTAC could allow a remote attacker to perform a man-in-the-middle MiTM that could result in denial of service. See the ACSELERATOR RTAC SEL-5033 Software instruction...
CVE-2023-2310
CVE-2023-2310 affects Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC). Connected docs describe a Channel Accessible by Non-Endpoint vulnerability that could allow a remote attacker to perform a man-in-the-middle (MiTM) attack, potentially causing denial of service. ...
The vulnerability of Microsoft Exchange Server, related to access to a channel from a non-endpoint location, allows attackers to perform spoofing attacks.
The vulnerability of Microsoft Exchange Server lies in the access to the channel from a point that is not a final destination. Exploiting this vulnerability allows an attacker to perform spoofing attacks remotely...
PT-2023-1072 · Microsoft · Exchange Server
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server affected versions not specified Description: The issue is related to a spoofing vulnerability in Microsoft Exchange Server, allowing remote attackers to conduct spoofing attacks by accessing the channel from a...
The vulnerability of the TUG Home Base Server lies in its ability to access a channel from a non-endpoint, allowing attackers to execute a “man-in-the-middle” attack.
The vulnerability of the TUG Home Base Server relates to access to a channel from a point that is not a final destination. Exploiting this vulnerability allows a remote attacker to carry out a “man-in-the-middle” attack...
Aethon TUG Home Base Server
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Aethon owned by ST Engineering Equipment: TUG Home Base Server Vulnerabilities: Missing Authorization, Channel Accessible by Non-endpoint, Cross-site Scripting 2. RISK EVALUATION Successful exploitation...