Lucene search
K

174 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/11/03 3:14 p.m.11 views

Security Bulletin: IBM WebSphere Application Server, which is bundled in IBM Cloud Pak for Applications, is vulnerable to SOAPAction spoofing (CVE-2022-38712)

Summary IBM WebSphere Application Server, which is bundled in IBM Cloud Pak for Applications, is vulnerable to SOAPAction spoofing CVE-2022-38712 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and...

5.9CVSS5.6AI score0.00475EPSS
Exploits0Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2022/11/03 12:0 a.m.31 views

D-Link DIR-1935 SOAPAction Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of http requests to the web management portal. When parsi...

8.8CVSS3.7AI score0.01006EPSS
Exploits0References1
CVE
CVE
added 2022/11/03 12:0 a.m.95 views

CVE-2022-38712

CVE-2022-38712 affects IBM WebSphere Application Server 7.0–9.0 Web services, where a MITM attacker could spoof SOAPAction on JAX-WS web services to execute unwanted or unauthorized operations. The known base score is 5.9 (I:H, A:N) with network attack vector and no user interaction. IBM product ...

5.9CVSS5.5AI score0.00475EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/11/03 12:0 a.m.2 views

PT-2022-24543 · Ibm · Ibm Websphere Application Server

Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 7.0 through 9.0 Description: The issue allows a man-in-the-middle attacker to conduct SOAPAction spoofing, potentially executing unwanted or unauthorized operations. Recommendations: For versions 7.0...

5.9CVSS5.6AI score0.00475EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/11/03 12:0 a.m.4 views

CVE-2022-38712

"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762."...

6.7AI score0.00475EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/11/03 12:0 a.m.20 views

CVE-2022-38712

"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762."...

5.7AI score0.00475EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/01 9:7 p.m.22 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2022-38712)

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

5.9CVSS5.6AI score0.00475EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/20 3:17 p.m.21 views

Security Bulletin: Vulnerability identified in IBM WebSphere Application Server shipped with IBM WebSphere Service Registry and Repository (CVE-2022-38712)

Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Service Registry and Repository. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...

5.9CVSS5.5AI score0.00475EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/19 9:19 p.m.23 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2022-38712)

Summary IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

5.9CVSS5.5AI score0.00475EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/18 9:15 a.m.19 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2022-38712)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

5.9CVSS5.6AI score0.00475EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/17 4:20 p.m.36 views

Security Bulletin: IBM WebSphere Application Server is vulnerable to SOAPAction spoofing (CVE-2022-38712)

Summary IBM WebSphere Application Server is vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests. This has been addressed. Vulnerability Details CVEID:CVE-2022-38712 DESCRIPTION: IBM WebSphere Application Server Web services could allow a man-in-the-middle attacker to...

5.9CVSS5.6AI score0.00475EPSS
Exploits0Affected Software1
OSV
OSV
added 2022/03/31 9:15 p.m.4 views

CVE-2021-43722

D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnapmain function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size...

9.8CVSS5.8AI score0.03114EPSS
Exploits1References2
NVD
NVD
added 2022/03/31 9:15 p.m.22 views

CVE-2021-43722

D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnapmain function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size...

9.8CVSS0.03114EPSS
Exploits1References2
Prion
Prion
added 2022/03/31 9:15 p.m.16 views

Buffer overflow

D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnapmain function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size...

7.5CVSS9.3AI score0.03114EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2022/03/31 12:0 a.m.5 views

D-Link DIR-645 缓冲区错误漏洞

The D-Link DIR-645 is a wireless router from Taiwan, China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-645 version 1.03 A1, which stems from the hnapmain function in the cgibin handler that uses sprintf to format the soapaction header onto the stack with no limit on size...

9.8CVSS7.2AI score0.03114EPSS
Exploits1References3
OSV
OSV
added 2022/01/13 10:15 p.m.4 views

CVE-2021-34979

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.781.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction...

8.8CVSS7.6AI score0.01374EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2021/09/08 12:0 a.m.35 views

NETGEAR XR1000 UPnP SOAPAction Missing Authentication Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP messages. The issue results from a lack ...

6.5CVSS2.3AI score0.00895EPSS
Exploits0References1
OSV
OSV
added 2021/07/15 6:15 p.m.3 views

CVE-2021-34828

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue...

8.8CVSS6.1AI score0.02333EPSS
Exploits0References1
NVD
NVD
added 2021/07/15 6:15 p.m.20 views

CVE-2021-34827

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue...

8.8CVSS0.02333EPSS
Exploits0References1
NVD
NVD
added 2021/07/15 6:15 p.m.26 views

CVE-2021-34828

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue...

8.8CVSS0.02333EPSS
Exploits0References1
Rows per page
Query Builder