371 matches found
CVE-2024-31887
IBM Security Verify Privilege 11.6.25 could allow an unauthenticated actor to obtain sensitive information from the SOAP API. IBM X-Force ID: 287651...
CVE-2024-31887
The CVE-2024-31887 issue affects IBM Security Verify Privilege On-Premises v11.6.25, where an unauthenticated actor could obtain sensitive information via the SOAP API, representing an information disclosure risk (CVSS v3.1 base score 7.5). The Red Hat/IBM bulletin confirms the affected version a...
CVE-2024-31887 IBM Security Verify Privilege information disclosure
IBM Security Verify Privilege 11.6.25 could allow an unauthenticated actor to obtain sensitive information from the SOAP API. IBM X-Force ID: 287651...
Security Bulletin: IBM Security Verify Privilege could allow an unauthenticated actor to obtain sensitive information (CVE-2024-31887)
Summary: IBM Security Verify Privilege could allow an unauthenticated actor to obtain sensitive information. The issue has been addressed in an update. Vulnerability Details: CVEID: CVE-2024-31887 DESCRIPTION: IBM Security Verify Privilege could allow an unauthenticated actor to obtain sensitive...
IBM Security Verify Privilege Security Vulnerability
IBM Security Verify Privilege is a solution from International Business Machines (IBM) that manages and protects user identities and privileges. An information disclosure vulnerability exists in IBM Security Verify Privilege, which can be exploited by an attacker to obtain sensitive information fro...
PT-2024-24267 · Ibm · Ibm Security Verify Privilege
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Privilege version 11.6.25 Description: The issue allows an unauthenticated actor to obtain sensitive information from the SOAP API. Recommendations: For IBM Security Verify Privilege version 11.6.25, consider restricting...
BIT-SUITECRM-2020-8804
SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module...
Cisco Expressway Series XSRF (cisco-sa-expressway-csrf-KnnZDMj3)
According to its self-reported version, Cisco Expressway Series is affected by multiple vulnerabilities. - A vulnerability in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF)...
CVE-2024-20255
A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for th...
Cross-site request forgery (CSRF)
A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for th...
PT-2024-1685 · Cisco · Cisco Expressway Series +1
Name of the Vulnerable Software and Affected Versions: Cisco Expressway Series and Cisco TelePresence Video Communication Server affected versions not specified Description: A vulnerability in the SOAP API could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSR...
SOAP API Detected
This is an informational notice that the scanner was able to detect a SOAP API. No source data...
NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR Orbi 760 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SOAP API. The issue results from the lack of...
CVE-2023-34960
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name...
CVE-2023-34960
CVE-2023-34960 affects Chamilo LMS (version 1.11.* up to 1.11.18) with a command-injection vulnerability in the wsConvertPpt component. An unauthenticated SOAP API call using a crafted PowerPoint name can lead to arbitrary OS command execution. Public details indicate a high/critical impact (CVSS...
VulnCheck KEV: CVE-2023-34960
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name...