Lucene search
K

117 matches found

CNVD
CNVD
added 2025/05/23 12:0 a.m.3 views

IBM Aspera Faspex Unauthorized Access Vulnerability

IBM Aspera Faspex is a centralized file transfer solution designed to enable file exchange between users through an email-like workflow. An unauthorized access vulnerability exists in IBM Aspera Faspex. The vulnerability is due to client-side enforcement of server-side security mechanisms and can...

8.8CVSS6.5AI score0.00287EPSS
Exploits0References1
NVD
NVD
added 2025/05/22 5:15 p.m.17 views

CVE-2025-33137

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security...

8.8CVSS0.00287EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/05/11 3:15 a.m.18 views

CVE-2025-4527

A security flaw has been discovered in Dígitro NGC Explorer up to 3.44.15/3.48.21. The impacted element is an unknown function of the component Password Transmission Handler. Performing a manipulation results in client-side enforcement of server-side security. The attack can be initiated remotely...

6.3CVSS5.1AI score0.00428EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2025/05/11 2:0 a.m.20 views

CVE-2025-4527 Dígitro NGC Explorer Password Transmission client-side enforcement of server-side security

A security flaw has been discovered in Dígitro NGC Explorer up to 3.44.15/3.48.21. The impacted element is an unknown function of the component Password Transmission Handler. Performing a manipulation results in client-side enforcement of server-side security. The attack can be initiated remotely...

6.3CVSS0.00428EPSS
Exploits0References5
CVE
CVE
added 2025/05/11 2:0 a.m.49 views

CVE-2025-4527

The CVE-2025-4527 entry concerns Dígitro NGC Explorer 3.44.15 and the Password Transmission Handler component. Public records describe a vulnerability that causes client-side enforcement of server-side security, with remote initiation, high attack complexity, and difficult exploitation. Multiple ...

6.3CVSS5.1AI score0.00428EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2025/05/11 12:0 a.m.5 views

Dígitro NGC Explorer 安全漏洞

Dígitro NGC Explorer is a Dígitro intelligent analytics platform for emergency call systems NGC for public safety communications data processing. A security vulnerability exists in Dígitro NGC Explorer version 3.44.15 that originates from client-side forced server-side security...

6.3CVSS5.1AI score0.00428EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/04/07 12:21 a.m.24 views

CVE-2025-32359

In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two factor authentication configuration, users need to re-authenticate with their current password first. However, this change was enforced in Zammad only on the front end level, and not wh...

8.8CVSS7.3AI score0.00273EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/05 12:0 a.m.3 views

Zammad 安全漏洞

Zammad is a suite of ticket management software from the German company Zammad. A security vulnerability exists in Zammad versions prior to 6.4.2, which stems from client-side enforcement of server-side security and could lead to bypassing a two-factor authentication configuration...

8.8CVSS6.7AI score0.00273EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/15 6:16 a.m.7 views

CVE-2024-52960

A client-side enforcement of server-side security vulnerability CWE-602 in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests...

8.8CVSS7.2AI score0.00305EPSS
Exploits0References1
NVD
NVD
added 2025/03/11 3:15 p.m.6 views

CVE-2024-52960

A client-side enforcement of server-side security vulnerability CWE-602 in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests...

8.8CVSS0.00305EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/11 2:54 p.m.9 views

CVE-2024-52960

A client-side enforcement of server-side security vulnerability CWE-602 in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests...

4.3CVSS0.00305EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/11 2:54 p.m.4 views

CVE-2024-52960

A client-side enforcement of server-side security vulnerability CWE-602 in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests...

4.3CVSS5AI score0.00305EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:4 p.m.10 views

CVE-2022-1525

The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password protected web elements...

9.1CVSS7.2AI score0.00694EPSS
Exploits0References1
NVD
NVD
added 2025/01/22 4:15 p.m.18 views

CVE-2024-42013

In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of...

6.4CVSS0.0016EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/22 12:0 a.m.11 views

CVE-2024-42013

In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of...

0.0016EPSS
Exploits0References2
Snyk
Snyk
added 2024/11/26 4:36 p.m.1 views

Client-Side Enforcement of Server-Side Security

Overview ethyca-fides is an Open-source ecosystem for data privacy as code. Affected versions of this package are vulnerable to Client-Side Enforcement of Server-Side Security due to improper implementation of password policy validations in the /api/v1/user/accept-invite endpoint. An attacker can...

8.8CVSS6.9AI score0.00536EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/12 6:53 p.m.9 views

CVE-2024-23666

A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through...

7.5CVSS7AI score0.02744EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/11/12 6:53 p.m.108 views

CVE-2024-23666

A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through...

7.5CVSS0.02744EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/11/12 12:0 a.m.9 views

PT-2024-7955 · Fortinet · Fortianalyzer +2

Name of the Vulnerable Software and Affected Versions: FortiAnalyzer-BigData versions 6.2.5, 6.4.5 through 6.4.7, 7.0.1 through 7.0.6, 7.2.0 through 7.2.6, 7.4.0 FortiManager versions 6.4.0 through 6.4.14, 7.0.0 through 7.0.11, 7.2.0 through 7.2.4, 7.4.0 through 7.4.1 FortiAnalyzer versions 6.4.0...

8.8CVSS7.4AI score0.02744EPSS
Exploits1References7
CNVD
CNVD
added 2024/08/29 12:0 a.m.4 views

Unspecified Vulnerability in CyberArk Identity Management

CyberArk Identity Management is an identity management program from CyberArk Israel. CyberArk Identity Management suffers from a security vulnerability that stems from client-side execution of server-side security. No detailed vulnerability details are provided at this time...

8.3CVSS7AI score0.00324EPSS
Exploits0References1
Rows per page
Query Builder