4949 matches found
CVE-2021-41242
OpenOlat (web-based LMS) has a path traversal vulnerability in REST methods that allow an attacker with a user account and enabled REST API to craft a filename containing a relative path, enabling write access to files anywhere under the web root or beyond depending on server configuration. Affec...
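The OpenOlat entry above describes the classic shape of this bug: a REST handler takes a client-supplied filename, joins it onto a fixed directory, and never checks where the result landed. The following is an added example, not OpenOlat's code, showing that vulnerable pattern next to a hardened version. The upload root and the filenames are constructed for the demonstration.

```python
"""Added example, not OpenOlat's code: a REST upload handler that builds a
filesystem path from a client-supplied filename, in vulnerable and hardened
form. UPLOAD_ROOT and the sample filenames are constructed for the demo."""
import os
from pathlib import Path

UPLOAD_ROOT = Path("/var/www/app/uploads")  # assumed upload directory


def is_inside(path: Path, root: Path) -> bool:
    """True when `path` is `root` or lies beneath it (lexical check on
    already-normalised paths)."""
    try:
        path.relative_to(root)
        return True
    except ValueError:
        return False


def naive_target(filename: str, root: Path = UPLOAD_ROOT) -> Path:
    """Vulnerable pattern: join the raw filename onto the root and
    normalise. '..' segments walk out of the root, and os.path.join
    discards the root entirely when the filename is absolute."""
    return Path(os.path.normpath(os.path.join(str(root), filename)))


def safe_target(filename: str, root: Path = UPLOAD_ROOT) -> Path:
    """Hardened pattern: an upload name must be a single path component
    (no '/' or '\\', no NUL, not '.'/'..'/empty). As defence in depth the
    resolved target is checked against the resolved root before any file
    is opened, so a symlinked root cannot break the comparison."""
    if (
        filename in ("", ".", "..")
        or "/" in filename
        or "\\" in filename
        or "\x00" in filename
    ):
        raise ValueError(f"rejected filename: {filename!r}")
    root_r = root.resolve()
    target = (root_r / filename).resolve()
    if not is_inside(target, root_r):
        raise ValueError(f"path escapes upload root: {filename!r}")
    return target


if __name__ == "__main__":
    # Constructed request filenames: one legitimate, two traversal attempts.
    for name in ("report.pdf", "../../../../etc/cron.d/job", "/etc/passwd"):
        naive = naive_target(name)
        print(f"{name!r:32} naive -> {naive} (inside root: {is_inside(naive, UPLOAD_ROOT)})")
        try:
            print(f"{'':32} safe  -> {safe_target(name)}")
        except ValueError as exc:
            print(f"{'':32} safe  -> rejected ({exc})")
```

Rejecting any separator, rather than stripping to the basename, is deliberate: a traversal sequence in an upload name is attacker behaviour worth logging, not something to silently repair. Note also that the naive join lands in `/etc/cron.d/` with four `..` segments from a four-deep root, which is exactly the "write access beyond the web root depending on server configuration" outcome the advisory describes.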
Cross-site Scripting in Apereo CAS
Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints...
GHSA-M3RF-7M4W-R66Q Improper Authentication in Flask-AppBuilder
Impact Improper authentication on the REST API. Allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existing protected REST API endpoints. Only affects non database authentication types, and new REST API endpoints. Patches Upgrade to...
Improper Authentication in Flask-AppBuilder
Impact Improper authentication on the REST API. Allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existing protected REST API endpoints. Only affects non database authentication types, and new REST API endpoints. Patches Upgrade to...
CVE-2021-41265
Flask-AppBuilder is a development framework built on top of Flask. Versions prior to 3.3.4 contain an improper authentication vulnerability in the REST API. The issue allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existing protected RE...
Authentication flaw
Flask-AppBuilder is a development framework built on top of Flask. Versions prior to 3.3.4 contain an improper authentication vulnerability in the REST API. The issue allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existing protected RE...
PYSEC-2021-851
Flask-AppBuilder is a development framework built on top of Flask. Versions prior to 3.3.4 contain an improper authentication vulnerability in the REST API. The issue allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existing protected RE...
CVE-2021-41265 Improper Authentication in Flask-AppBuilder
Flask-AppBuilder is a development framework built on top of Flask. Versions prior to 3.3.4 contain an improper authentication vulnerability in the REST API. The issue allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existing protected RE...
CVE-2021-41265
CVE-2021-41265 affects Flask-AppBuilder prior to 3.3.4, due to an improper authentication vulnerability in the REST API. The issue allows a malicious actor to authenticate with a crafted request and access protected REST API endpoints, limited to non-database authentication types and new REST API...
CVE-2021-41265
Removed by vendor...
Apereo CAS XSS vulnerability
Apereo CAS is a web-based enterprise multilingual single sign-on solution. Versions prior to Apereo CAS 6.4.1 have a cross-site scripting (XSS) vulnerability that attackers can exploit via POST requests to the REST API endpoints...
REST API Error: S3 Error: The difference between the request time and the current time is too large / Invalid Credentials for Amazon S3
Challenge This article covers two different errors that occur when performing different tasks, but have the same root cause: When adding S3 Object Storage to Veeam Console, Veeam displays the following error: Failed to list S3 buckets: check if the specified account has required permissions REST API...
Improper Authentication in Flask-AppBuilder
Improper authentication on the REST API. Allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existing protected REST API endpoints. Only affects non database authentication types, and new REST API endpoints...
CVE-2021-42567
Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints...
Cross site scripting
Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints...
CVE-2021-42567
Summary (concrete details available) Several Apereo CAS versions prior to 6.4.1 are vulnerable to a cross-site scripting (XSS) flaw that can be triggered by POST requests to the REST API endpoints. The core issue is an XSS vulnerability in the REST API handling where user-supplied data is echoed ...
Security Bulletin: IBM InfoSphere DataStage Flow Designer is vulnerable due to improper certificate validation
Summary A vulnerability due to improper certificate validation in IBM InfoSphere DataStage Flow Designer was addressed. Vulnerability Details CVEID: CVE-2021-29737 DESCRIPTION: IBM InfoSphere Data Flow Designer Engine component has improper validation of the REST API server certificate. CVSS Base...