117 matches found
IBM Aspera Faspex Unauthorized Access Vulnerability
IBM Aspera Faspex is a centralized file transfer solution designed to enable file exchange between users through an email-like workflow. An unauthorized access vulnerability exists in IBM Aspera Faspex. The vulnerability is due to client-side enforcement of server-side security mechanisms and can...
CVE-2025-33137
IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security...
CVE-2025-4527
A security flaw has been discovered in Dígitro NGC Explorer up to 3.44.15/3.48.21. The impacted element is an unknown function of the component Password Transmission Handler. Performing a manipulation results in client-side enforcement of server-side security. The attack can be initiated remotely...
CVE-2025-4527 Dígitro NGC Explorer Password Transmission client-side enforcement of server-side security
A security flaw has been discovered in Dígitro NGC Explorer up to 3.44.15/3.48.21. The impacted element is an unknown function of the component Password Transmission Handler. Performing a manipulation results in client-side enforcement of server-side security. The attack can be initiated remotely...
CVE-2025-4527
The CVE-2025-4527 entry concerns Dígitro NGC Explorer 3.44.15 and the Password Transmission Handler component. Public records describe a vulnerability that causes client-side enforcement of server-side security, with remote initiation, high attack complexity, and difficult exploitation. Multiple ...
Dígitro NGC Explorer 安全漏洞
Dígitro NGC Explorer is a Dígitro intelligent analytics platform for emergency call systems NGC for public safety communications data processing. A security vulnerability exists in Dígitro NGC Explorer version 3.44.15 that originates from client-side forced server-side security...
CVE-2025-32359
In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two factor authentication configuration, users need to re-authenticate with their current password first. However, this change was enforced in Zammad only on the front end level, and not wh...
Zammad 安全漏洞
Zammad is a suite of ticket management software from the German company Zammad. A security vulnerability exists in Zammad versions prior to 6.4.2, which stems from client-side enforcement of server-side security and could lead to bypassing a two-factor authentication configuration...
CVE-2024-52960
A client-side enforcement of server-side security vulnerability CWE-602 in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests...
CVE-2024-52960
A client-side enforcement of server-side security vulnerability CWE-602 in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests...
CVE-2024-52960
A client-side enforcement of server-side security vulnerability CWE-602 in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests...
CVE-2024-52960
A client-side enforcement of server-side security vulnerability CWE-602 in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests...
CVE-2022-1525
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password protected web elements...
CVE-2024-42013
In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of...
CVE-2024-42013
In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of...
Client-Side Enforcement of Server-Side Security
Overview ethyca-fides is an Open-source ecosystem for data privacy as code. Affected versions of this package are vulnerable to Client-Side Enforcement of Server-Side Security due to improper implementation of password policy validations in the /api/v1/user/accept-invite endpoint. An attacker can...
CVE-2024-23666
A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through...
CVE-2024-23666
A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through...
PT-2024-7955 · Fortinet · Fortianalyzer +2
Name of the Vulnerable Software and Affected Versions: FortiAnalyzer-BigData versions 6.2.5, 6.4.5 through 6.4.7, 7.0.1 through 7.0.6, 7.2.0 through 7.2.6, 7.4.0 FortiManager versions 6.4.0 through 6.4.14, 7.0.0 through 7.0.11, 7.2.0 through 7.2.4, 7.4.0 through 7.4.1 FortiAnalyzer versions 6.4.0...
Unspecified Vulnerability in CyberArk Identity Management
CyberArk Identity Management is an identity management program from CyberArk Israel. CyberArk Identity Management suffers from a security vulnerability that stems from client-side execution of server-side security. No detailed vulnerability details are provided at this time...