1063 matches found
Cisco ACE 4710 Application Control Engine Command Injection Vulnerability
A vulnerability in the Device Manager GUI of the Cisco ACE 4710 Application Control Engine could allow an authenticated, remote attacker to execute any command-line interface CLI command on the ACE with admin user privileges. The vulnerability is due to insufficient validation of user-supplied...
CVE-2016-1301
The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1112 and Cisco Prime Security Manager PRSM software before 9.3.1.1112 allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842...
Cisco ASA-CX and Cisco Prime Security Manager Privilege Escalation Vulnerability
A vulnerability in the role-based access control of Cisco ASA-CX and Cisco Prime Security Manager PRSM could allow an authenticated, remote attacker to change the password of any user on the system. The vulnerability exists because the password change request is not fully qualified. An...
Cisco Videoscape Distribution Suite Service Manager Security Bypass Vulnerability
Cisco Videoscape Distribution Suite Service Manager is a suite of reporting and analysis tools for VDS products from Cisco in the United States. Cisco Videoscape Distribution Suite Service Manager fails to use RBAC control over back-end database access in real-time, allowing remote attackers to...
Cisco Hosted Collaboration Mediation Fulfillment SOAP API Sensitive Information Disclosure Vulnerability
A vulnerability in the Simple Object Access Protocol SOAP application programming interface API of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an authenticated, remote attacker to obtain sensitive information that should be restricted. The attacker must authentica...
Cisco Secure Access Control Server Security Restriction Bypass Vulnerability
Cisco Secure Access Control Server that is ACS, is the United States Cisco Cisco a security access control server. A security restriction bypass vulnerability exists in Cisco Secure Access Control Server 5.7. It allows an authenticated remote user to bypass expected RBAC restrictions by accessing...
Cisco Secure Access Control Server Role-Based Access Control URL Lack of Protection Vulnerability
A vulnerability in the role-based access control RBAC implementation of the Cisco Secure Access Control Server ACS could allow an authenticated, remote attacker to impact the integrity of the system by modifying dashboard portlets that should be restricted. The vulnerability is due to improper...
Unspecified Vulnerability in Persistent Systems Accelerite Radia Client Automation
Persistent Systems Accelerite Radia Client Automation formerly known as HP Client Automation is a client automation management solution from Persistent Systems India. The solution provides monitoring, alerting, auto-remediation and reporting on hardware, applications and operating systems. A...
HP Client Automation and Radia Client Automation is vulnerable to remote code execution
Overview Radia Client Automation previously sold under the name HP Client Automation agent prior to version 9.1 is vulnerable to arbitrary remote code execution. Description According to ZDI's advisory for ZDI-15-363, which has been assigned CVE-2015-7860: "This vulnerability allows remote...
CVE-2015-7862
Persistent Accelerite Radia Client Automation formerly HP Client Automation 7.9 through 9.1 before 2015-02-19 improperly implements the Role Based Access Control feature, which might allow remote attackers to modify an account's role assignments via unspecified vectors...
Improper access control
Persistent Accelerite Radia Client Automation formerly HP Client Automation 7.9 through 9.1 before 2015-02-19 improperly implements the Role Based Access Control feature, which might allow remote attackers to modify an account's role assignments via unspecified vectors...
CVE-2015-7862
CVE-2015-7862 affects Persistent Accelerite Radia Client Automation (formerly HP Client Automation) versions 7.9–9.1 prior to 2015-02-19. The vulnerability stems from improper implementation of Role Based Access Control, allowing a remote attacker to modify an account’s role assignments via unspe...
Red Hat PicketLink IDP ignores role based authorization
No description provided by source...
Red Hat PicketLink Privilege Bypass Vulnerability
Red Hat PicketLink is a unified identity management framework for Java applications. The 'invokeNextValve' function in the identity/federation/bindings/tomcat/idp/AbstractIDPValve.java file of Red Hat PicketLink failed to correctly Checking role-based authorization allows remote attackers to send...
CVE-2015-3158
The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a 1 direct request or 2...
Authorization
The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a 1 direct request or 2...
CVE-2015-3158
CVE-2015-3158 affects PicketLink in Red Hat JBoss EAP 6.x where the invokeNextValve in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java fails to enforce role-based authorization. This allows remote authenticated users to access restricted resources via a direct request or an SP-initi...
PicketLink: PicketLink IDP ignores role based authorization
A flaw was found in the PicketLink Identity Provider Configuration IDP where, under specific conditions, the IDP ignores role-based authorization. This could lead to an authenticated user being able to access application resources that are not permitted for a given role...
PicketLink: PicketLink IDP ignores role based authorization
A flaw was found in the PicketLink Identity Provider Configuration IDP where, under specific conditions, the IDP ignores role-based authorization. This could lead to an authenticated user being able to access application resources that are not permitted for a given role...
PicketLink: PicketLink IDP ignores role based authorization
A flaw was found in the PicketLink Identity Provider Configuration IDP where, under specific conditions, the IDP ignores role-based authorization. This could lead to an authenticated user being able to access application resources that are not permitted for a given role...