CVE-2019-9697

An information disclosure vulnerability in the Management Center MC REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access...

CVE-2019-9697

CVE-2019-9697 affects the Symantec/Norton Management Center REST API (MC) versions 2.0, 2.1, and 2.2 prior to 2.2.2.1. A malicious authenticated user can leverage the MC REST API to obtain passwords for external backup and CPL policy import servers, exposing sensitive credentials that they would ...

Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability – (CVE-2019-12643)

Cisco published an update for Cisco IOS XE operating system to patch a critical vulnerability that could allow a remote attacker to bypass authentication on devices running an outdated version of Cisco REST API virtual service container. The security issue is tracked as CVE-2019-12643 and has...

Critical Cisco VM Bug Allows Remote Takeover of Routers

A critical remote authentication-bypass vulnerability – with the highest possible severity level of 10 out of 10 on the CvSS scale – has been found in the Cisco REST API virtual service container for Cisco IOS XE Software. The bug CVE-2019-12643 affects the following hardware if running the REST...

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review t...

Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is...

CVE-2019-12643

A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST...

CVE-2019-12643

A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST...

Authentication flaw

A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST...

CVE-2019-12643

The CVE-2019-12643 issue affects the Cisco REST API virtual service container used with Cisco IOS XE Software. Root cause: an improper check in the REST API authentication service allows bypassing authentication, enabling an unauthenticated, remote attacker to obtain the token-id of an authentica...

CVE-2019-12643 Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability

A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST...

CVE-2019-12643 Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability

A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST...

Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability

A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST...

Authentication bypass vulnerability in Cisco’s IOS XE REST API

This is an authentication bypass vulnerability in Cisco’s IOS XE series OS. While it can target a large swath of Cisco’s switches and routers, it requires the Cisco REST API Container for IOS to be turned on, as it is not on by default. Recent assessments: bwatters-r7 at September 12, 2019 6:06pm...

Information Disclosure Vulnerability in MC

SUMMARY The Symantec Management Center REST API is susceptible to an information disclosure vulnerability. A malicious authenticated user can obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access. AFFECTED PRODUCTS Management Cent...

Scientific Linux Security Update : spice-gtk on SL7.x x86_64 (20190806)

The libgovirt packages contain a library that allows applications to use the oVirt Representational State Transfer REST API to list virtual machines VMs managed by an oVirt instance. The library is also used to get the connection parameters needed to establish a connection to the VMs using Simple...

Cisco Elastic Services Controller REST API Authentication Bypass (CVE-2019-1867)

An authentication bypass vulnerability exists in the REST API of Cisco Elastic Services Controller. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with administrative privileges on the target machine...

Cisco TelePresence VCS / Expressway Series < 12.5 REST API Server-Side Request Forgery Vulnerability

According to its self-reported version number, the Cisco TelePresence VCS or Expressway Series on the remote host contains a vulnerability in the web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS software could allow an authenticated, remote attacker t...

Exploit for Path Traversal in Wordpress

CodePath Week 7-8 CodePath Assignment for Weeks 7 & 8: CVE...

Authorization Bypass

magento/community-edition is vulnerable to authorization bypass. The vulnerability exists as a user can bypass access controls via REST API calls to assign themselves to an arbitrary company, thereby gaining read access to potentially confidental information...