Cross-Site Request Forgery (CSRF)

OpenShift Enterprise is vulnerable to cross-site request forgery CSRF. The server is unable to verify the authenticity of web requests due to a lack of anti-CSRF protection mechanism in the REST API, allowing an attacker to submit requests on behalf of the user, and potentially obtain credentials...

etcd 3.2.x, 3.3.x Authentication Vulnerability

etcd is vulnerable to an improper authentication issue when role-based access control RBAC is used and client-cert-auth is enabled. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

CVE-2018-16886

etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control RBAC is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name CN which matches a valid RBAC username, a remot...

CVE-2018-16886

etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control RBAC is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name CN which matches a valid RBAC username, a remot...

CVE-2018-16886

etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control RBAC is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name CN which matches a valid RBAC username, a remot...

CVE-2018-16886

etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control RBAC is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name CN which matches a valid RBAC username, a remot...

Description of the security update for SharePoint Enterprise Server 2016: January 8, 2019

Description of the security update for SharePoint Enterprise Server 2016: January 8, 2019 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, se...

Sprint End Date in a distant future causes OutOfMemoryError

h3. Summary Jira Software REST API /rest/agile/1.0/sprint/ is allowing to enter a date in the future, much higher than what is allowed by the UI . That causes Jira to hit OutOfMemoryError when loading a board based on a sprint having a big number of years as "End Date" due to excessive object...

Authentication flaw

IBM LoopBack IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4 could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to...

CVE-2018-1778

IBM LoopBack IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4 could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to...

CVE-2018-1778

CVE-2018-1778 (IBM API Connect / LoopBack) affects IBM API Connect versions 2018.1 through 2018.4.1 and 5.0.8.0 through 5.0.8.4. The vulnerability arises when the AccessToken model is exposed via a REST API, enabling an attacker to create an access token for any user who has a known userId, poten...

CVE-2018-1778

IBM LoopBack IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4 could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to...

Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure

Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7690 CVE: CVE-2018-7690 CVSS: 6.5 Medium; AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CWE-639 Description...

Fortify Software Security Center (SSC) 17.1017.2018.10 - Information Disclosure (2)

Fortify Software Security Center SSC 17.1017.2018.10 - Information Disclosure 2 Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7691 CVE: CVE-2018-7691...

Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure (2)

Exploit for multiple platform in category web applications Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7691 CVE: CVE-2018-7691 CVSS: 6.5 Medium;...

Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure

Exploit for multiple platform in category web applications Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7690 CVE: CVE-2018-7690 CVSS: 6.5 Medium;...

Fortify Software Security Center (SSC) 17.1017.2018.10 - Information Disclosure

Fortify Software Security Center SSC 17.1017.2018.10 - Information Disclosure Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7690 CVE: CVE-2018-7690 CVSS...

Fortify SSC 17.10 / 17.20 / 18.10 User Detail Insecure Direct Object Reference

Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7691 CVE: CVE-2018-7691 CVSS: 6.5 Medium; AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CWE-639 Description...

CVE-2018-1883

CVE-2018-1883 affects IBM MQ Console REST API in IBM MQ 9.0.2–9.0.5 and 9.1.0.0. The issue enables a denial-of-service condition preventing users from logging into the MQ Console REST API. The IBM bulletin indicates affected products and provides remediation: upgrade to IBM MQ V9.1.1 for the 9 CD...

CVE-2018-1883

A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Console REST API Could allow attackers to execute a denial of service attack preventing users from logging into the MQ Console REST API. IBM X-Force ID: 151969...