Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Authentication Bypass by Alternate Name CVE-2025-14777
Summary: Keycloak is used by the IBM Datapower Operations Dashboard as part of their IAM and SSO implementation. Vulnerability Details: CVEID: CVE-2025-14777 DESCRIPTION: A flaw was found in Keycloak. An IDOR Broken Access Control vulnerability exists in the admin API endpoints for authorization...
CVE-2026-42202
nova-toggle-5 enables flipping booleans in the index. Prior to version 1.3.0, the toggle endpoint POST /nova-vendor/nova-toggle/toggle/resource/resourceId was protected only by web + auth: middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes...
GHSA-79VV-VP32-GPP7 Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode
While an Apache Kafka cluster is being migrated from ZooKeeper mode to KRaft mode, in some cases ACLs will not be correctly enforced. Two preconditions are needed to trigger the bug: 1. The administrator decides to remove an ACL 2. The resource associated with the removed ACL continues to have tw...
SSRF Vulnerability in WebVPN Resource Access Control System of Beijing Netrexport Technology Co.
WebVPN Resource Access Control System is a tool that provides users with easy client-free access to resources. WebVPN Resource Access Control System suffers from an SSRF vulnerability, which can be exploited by attackers to probe intranet information and obtain sensitive information...
Weak Password Vulnerability in Resource Access Control System (WebVPN) of Beijing Netrexport Technology Co.
Resource Access Control System WebVPN is a tool that provides users with easy client-free access to resources. Resource Access Control System WebVPN suffers from a weak password vulnerability, which can be exploited by an attacker to log in to the VPN frontend in bulk to obtain sensitive...
Command Execution Vulnerability in Resource Access Control System (WebVPN) of Beijing Netrexel Technology Co.
Resource Access Control System WebVPN is a tool that provides users with easy client-free access to resources. Resource Access Control System WebVPN suffers from a command execution vulnerability that can be exploited by an attacker to gain control of a web server...
Logic Flaw Vulnerability in Resource Access Control System (WebVPN) of Beijing Netrad Technology Co. (CNVD-2020-48923)
Resource Access Control System WebVPN provides users with a client-free tool for easy access to resources. A logic flaw vulnerability exists in the Resource Access Control System WebVPN of Beijing Netreda Technology Co. An attacker can exploit this vulnerability to obtain sensitive informati...
Logic Flaw Vulnerability in Resource Access Control System (WebVPN) of Beijing Netrexport Technology Co.
Resource Access Control System WebVPN provides users with a client-free tool for easy access to resources. WebVPN is vulnerable to logical flaws that can be exploited by attackers to steal user identities or even directly penetrate intranet systems...
SUSE-SU-2020:0660-1 Security update for openstack-manila
This update for openstack-manila fixes the following issues: - CVE-2020-9543: Fixed an issue that allowed other project users to view, update, delete, or share resources that do not belong to them, due to a context-free lookup of a UUID bsc1165643...
PT-2019-4650 · Ibm · Ibm Security Guardium Big Data Intelligence
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium Big Data Intelligence version 4.0 Description: The issue is related to the lack of protection for service data in the Security Guardium Big Data Intelligence software. This could allow a remote attacker to gain...
CVE-2011-1683
IBM WebSphere Application Server WAS 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors...