174 matches found
Security Bulletin: IBM WebSphere Application Server, which is bundled in IBM Cloud Pak for Applications, is vulnerable to SOAPAction spoofing (CVE-2022-38712)
Summary IBM WebSphere Application Server, which is bundled in IBM Cloud Pak for Applications, is vulnerable to SOAPAction spoofing CVE-2022-38712 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and...
D-Link DIR-1935 SOAPAction Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of http requests to the web management portal. When parsi...
CVE-2022-38712
CVE-2022-38712 affects IBM WebSphere Application Server 7.0–9.0 Web services, where a MITM attacker could spoof SOAPAction on JAX-WS web services to execute unwanted or unauthorized operations. The known base score is 5.9 (I:H, A:N) with network attack vector and no user interaction. IBM product ...
PT-2022-24543 · Ibm · Ibm Websphere Application Server
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 7.0 through 9.0 Description: The issue allows a man-in-the-middle attacker to conduct SOAPAction spoofing, potentially executing unwanted or unauthorized operations. Recommendations: For versions 7.0...
CVE-2022-38712
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762."...
CVE-2022-38712
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762."...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2022-38712)
Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Vulnerability identified in IBM WebSphere Application Server shipped with IBM WebSphere Service Registry and Repository (CVE-2022-38712)
Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Service Registry and Repository. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2022-38712)
Summary IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2022-38712)
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...
Security Bulletin: IBM WebSphere Application Server is vulnerable to SOAPAction spoofing (CVE-2022-38712)
Summary IBM WebSphere Application Server is vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests. This has been addressed. Vulnerability Details CVEID:CVE-2022-38712 DESCRIPTION: IBM WebSphere Application Server Web services could allow a man-in-the-middle attacker to...
CVE-2021-43722
D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnapmain function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size...
CVE-2021-43722
D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnapmain function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size...
Buffer overflow
D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnapmain function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size...
D-Link DIR-645 缓冲区错误漏洞
The D-Link DIR-645 is a wireless router from Taiwan, China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-645 version 1.03 A1, which stems from the hnapmain function in the cgibin handler that uses sprintf to format the soapaction header onto the stack with no limit on size...
CVE-2021-34979
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.781.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction...
NETGEAR XR1000 UPnP SOAPAction Missing Authentication Information Disclosure Vulnerability
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP messages. The issue results from a lack ...
CVE-2021-34828
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue...
CVE-2021-34827
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue...
CVE-2021-34828
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue...