107 matches found
CVE-2022-48317
CVE-2022-48317 affects Tribe29 Checkmk up to 2.1.0p10 and up to 2.0.0p28. Root cause: expired sessions are not securely terminated in the RestAPI, enabling use of expired session tokens during RestAPI communication. Impact metrics indicate potential high impact to confidentiality, integrity, and ...
CVE-2022-48317 Insecure Termination of RestAPI Session Tokens
Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10 and Checkmk <= 2.0.0p28 allowing an attacker to use expired session tokens when communicating with the RestAPI...
CVE-2022-29081
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs for SSOutAction, SSLAction, LicenseMgr, GetProductDetails, GetDashboard, FetchEvents, and Synchronize via the ../RestAPI...
Information Disclosure
FreeTAKServer-UI is vulnerable to information disclosure. The vulnerability exists because it exposes sensitive API and Websocket keys through the leakage of the RestAPI and Websocket tokens in WebUI...
FreeTAKServer-UI Information Disclosure Vulnerability
FreeTAKServer-UI is an open source FTS web interface from the FreeTAKTeam. FreeTAKServer-UI has an information disclosure vulnerability that stems from the fact that the WebUI leaks the RestAPI and Websocket tokens in the JavaScript source code, which can be exploited by an attacker to cause a...
IBM Sterling External Authentication Server Path Traversal Vulnerability
IBM Sterling External Authentication Server is a client application used to implement extended authentication and validation services for IBM products. IBM Sterling External Authentication Server has a path traversal vulnerability, which stems from a failure to properly validate RESTAPI configuration...
CVE-2022-22349
IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144...
Path traversal
IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144...
CVE-2022-22349
CVE-2022-22349 affects IBM Sterling External Authentication Server, with vulnerable versions 3.4.3.2, 6.0.2.0, and 6.0.3.0. The root cause is improper validation of RESTAPI configuration data, enabling an authorized user to import invalid data that could be used for an attack via path traversal. ...
ManageEngine ServiceDesk Plus < 11.3 Build 11306 / ManageEngine ServiceDesk Plus MSP < 10.5 Build 10530 RCE
A remote code execution vulnerability exists in ManageEngine ServiceDesk Plus prior to 11.3 Build 11306 and ManageEngine ServiceDesk Plus MSP prior to 10.5 Build 10530 due to a flaw in the /RestAPI URLs in a servlet and ImportTechnicians in the Struts configuration. Note that Nessus has not teste...
CVE-2021-44077
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration...
CVE-2021-44077
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration. Recent assessments:...
Unspecified Vulnerability in Wordpress MStore API
WordPress MStore API is an open source WordPress application plugin. It provides configuration for the MStore and FluxStore mobile apps and supports a RestAPI to connect to the application features. MStore API WordPress plugin versions before 3.2.0 have a security vulnerability that can be...
NERVE - Network Exploitation, Reconnaissance & Vulnerability Engine
NERVE is a vulnerability scanner tailored to find low-hanging fruit level vulnerabilities, in specific application configurations, network services, and unpatched services. It is not a replacement for Qualys, Nessus, or OpenVAS. It does not do authenticated scans, and operates in black-box mode...
Cisco UCS Director RestAPI Remote Code Execution (CVE-2020-3247)
A remote code execution vulnerability exists in Cisco UCS Director. The vulnerability is due to insufficient validation of user input within the ApplianceFileUploadEntryFormPage class's CopyFileRunnable run method. A remote authenticated attacker can exploit the vulnerability by sending malicious...
CVE-2020-3384 Cisco Data Center Network Manager Command Injection Vulnerability
A vulnerability in specific REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system with the privileges of the logged-in user. The vulnerability is due to insufficient validation of...
PYSEC-2020-87
plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level...
CVE-2020-7938
Plone 5.2.0–5.2.1 with plone.restapi contains a privilege-escalation flaw that lets users with a certain privilege level elevate to the highest level. The issue, tracked as CVE-2020-7938, affects the REST API component and can impact confidentiality, integrity, and availability. The connected sou...