Tomcat version information disclosed when calling REST endpoints

h3. Issue Summary When accessing the REST API endpoints as an unauthenticated user an error page is displayed and this page contains the version information for Tomcat. This is a security concern and should not be disclosed. h3. Steps to Reproduce As an unauthenticated user access the following...

Security Bulletin: IBM MQ Console and REST API are vulnerable to multiple Denial of service attacks within HTTP/2 (CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9514, CVE-2019-9512, CVE-2019-9513)

Summary Several issues were reported against the HTTP/2 implementation used by IBM WebSphere Application Server Liberty Profile which is used to host the IBM MQ Console and REST API. Vulnerability Details CVEID: CVE-2019-9515 DESCRIPTION: Some HTTP/2 implementations are vulnerable to a settings...

Information Disclosure

buddypress is vulnerable to information disclosure. Requests to a some of the REST API endpoints can allow an unauthenticated remote attacker to obtain private user data...

CVE-2020-5244

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...

CVE-2020-5244

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...

Authentication flaw

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...

CVE-2020-5244 Private data exposure via REST API in BuddyPress

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...

CVE-2020-5244

CVE-2020-5244 affects the WordPress BuddyPress plugin prior to version 5.1.2. The vulnerability allows an unauthenticated attacker to trigger requests to a REST API endpoint and disclose private user data. The root cause is an information-disclosure flaw in the exposed REST endpoint, enabling exp...

Private data exposure via REST API in BuddyPress

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...

GHSA-3J78-7M59-R7GV Private data exposure via REST API in BuddyPress

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...

CVE-2020-3112

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to elevate privileges on the application. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by...

Improper access control

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to elevate privileges on the application. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by...

CVE-2020-3112

CVE-2020-3112 is a privilege-escalation vulnerability in Cisco Data Center Network Manager (DCNM) REST API. The issue stems from insufficient access control validation, allowing an authenticated, low-privilege user to send crafted API requests and interact with the API with administrative privile...

CVE-2020-3112 Cisco Data Center Network Manager Privilege Escalation Vulnerability

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to elevate privileges on the application. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by...

CVE-2020-3112 Cisco Data Center Network Manager Privilege Escalation Vulnerability

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to elevate privileges on the application. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by...

Cisco Data Center Network Manager Privilege Escalation Vulnerability

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to elevate privileges on the application. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by...

CVE-2020-8612

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS...

Cross site scripting

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS...

CVE-2020-8611

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database...

Sql injection

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database...