4947 matches found
CVE-2020-3248
Cisco UCS Director and Cisco UCS Director Express for Big Data expose multiple REST API vulnerabilities (CVE-2020-3248 and related CVEs) that may allow a remote attacker to bypass authentication or perform directory traversal. Root cause: insufficient validation of user input in REST API paths (e...
CVE-2020-3247
CVE-2020-3247 affects Cisco UCS Director and Cisco UCS Director Express for Big Data REST API. The issues stem from insufficient input validation in the REST API (and related file upload handling), enabling remote attackers to bypass authentication or perform directory traversal on affected devic...
CVE-2020-3247 Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section o...
CVE-2020-3247 Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section o...
CVE-2020-3243 Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section o...
CVE-2020-3243
CVE-2020-3243 relates to Cisco UCS Director and Cisco UCS Director Express for Big Data REST API vulnerabilities that may allow a remote attacker to bypass authentication or perform directory traversal on affected devices. According to NVD, CVSSv3 base score is 9.8 (CRITICAL) with network attack ...
CVE-2020-3243 Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section o...
CVE-2020-3240 Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section o...
CVE-2020-3240 Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section o...
CVE-2020-3240
CVE-2020-3240 affects Cisco UCS Director and Cisco UCS Director Express for Big Data REST API. The advisory and third-party writeups confirm multiple vulnerabilities in the REST API that may allow a remote attacker to bypass authentication or perform directory traversal. The root cause involves i...
CVE-2020-3239
CVE-2020-3239 affects Cisco UCS Director and Cisco UCS Director Express for Big Data. The REST API has multiple vulnerabilities that may allow a remote attacker to bypass authentication or perform directory traversal on an affected device. Exploitation is remote and network-driven, tied to REST A...
Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details "details"...
CVE-2020-6238
SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and availability partially of SAP Commerce...
Input validation
SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and availability partially of SAP Commerce...
CVE-2020-6238
SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and availability partially of SAP Commerce...
CVE-2020-6238
SAP Commerce versions 6.6, 6.7, 1808, 1811, 1905 are affected by an insecure XML input handling flaw in the Rest API (Servlet xyformsweb), causing Missing XML Validation. The vulnerability affects confidentiality and availability (partially). Root cause: unvalidated XML input processing in the Re...
PT-2020-19034 · Sap · Sap Commerce
Name of the Vulnerable Software and Affected Versions: SAP Commerce versions 6.6, 6.7, 1808, 1811, 1905 Description: The issue is related to the insecure processing of XML input in the Rest API from the Servlet xyformsweb, leading to Missing XML Validation. This affects the confidentiality and...
CVE-2019-4603
IBM Quality Manager RQM 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to create keywords through the REST API and have them appear as if they were created by another user. IBM X-Force ID: 168295...
CVE-2019-4603
IBM Quality Manager RQM 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to create keywords through the REST API and have them appear as if they were created by another user. IBM X-Force ID: 168295...
Design/Logic Flaw
IBM Quality Manager RQM 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to create keywords through the REST API and have them appear as if they were created by another user. IBM X-Force ID: 168295...