CVE-2021-3044

An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier th...

Authorization

An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier th...

CVE-2021-3044 Cortex XSOAR: Unauthorized Usage of the REST API

An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier th...

CVE-2021-3044

CVE-2021-3044 concerns an improper authorization vulnerability in Palo Alto Networks Cortex XSOAR that allows a remote unauthenticated attacker with network access to perform unauthorized actions via the REST API. Affected are Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064,...

Cortex XSOAR: Unauthorized Usage of the REST API

An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. Work around: Until the XSOAR server is upgraded, to completely prevent the issu...

Palo Alto Networks Cortex XSOAR 安全漏洞

Palo Alto Networks Cortex XSOAR is a software application from Palo Alto Networks, Inc. It provides a security orchestration, automation, and response platform with threat intelligence management and a built-in marketplace. A security vulnerability exists in Palo Alto Networks Cortex XSOAR, which...

CVE-2021-31818

Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables...

CVE-2021-31818

Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables...

CVE-2021-31818

CVE-2021-31818 : Affected product is Octopus Server. The vulnerability is an authenticated SQL injection in the Events REST API caused by user-supplied data not being parameterised, allowing an attacker to access database tables. This is documented across multiple sources (NVD/Red Hat/CNNVD). Exp...

Filebird 4.7.3 - Unauthenticated SQL Injection

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. This is a major vulnerability as the user input is not escaped and passed directly to the getcol function and it allows SQL injection. The Rest...

Username enumeration on Jira Software Server 8.15 - CVE-2021-26081

Affected versions of Atlassian Jira Server and Jira Data Center allow remote attackers to discover the username of users via an enumeration vulnerability in the REST API. CVE-2021-26081 The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, from version 8.14.0 before...

Securing REST with free API Firewall. How-to guide

In our modern world, web applications are becoming ever more important. Bad actors know this and they target them more frequently than ever before. This is not likely to stop any time soon as the number of web applications the world needs will only go up with its reliance on technology. To fully...

CVE-2021-31831

Incorrect access to deleted scripts vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the...

Design/Logic Flaw

Incorrect access to deleted scripts vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the...

CVE-2021-31831 Incorrect access to deleted scripts vulnerability in McAfee DBSec

Incorrect access to deleted scripts vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the...

CVE-2021-31831

CVE-2021-31831 concerns McAfee Database Security (DBSec) prior to 4.8.2. Affected component: REST API access to signed SQL scripts marked as deleted/expired in the administrative console. Root cause: incorrect access control allowing a remote authenticated attacker to gain access to these scripts...

PT-2021-19534 · Mcafee · Mcafee Database Security

Name of the Vulnerable Software and Affected Versions: McAfee Database Security versions prior to 4.8.2 Description: The issue allows a remote authenticated attacker to gain access to signed SQL scripts that have been marked as deleted or expired within the administrative console. This access is...

IBM Engineering Systems Design Rhapsody Access Control Error Vulnerability

IBM Engineering Systems Design Rhapsody is part of the IBM Engineering product portfolio from IBM Corporation, USA. It provides a collaborative design development and test environment for systems engineers supporting UML, SysML, UAF and AUTOSAR. An access control error vulnerability exists in IBM...

CVE-2020-4495

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute...

Improper access control

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute...