15 matches found
CVE-2026-46425 Budibase: SCIM endpoints lack role-based authorization, BASIC users CRUD tenant users
Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM, which checks the Enterprise feature flag and SCIM config, and doInScimContext, which sets the SCIM request context. There is no role check...
CVE-2026-33585
Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03...
PT-2026-40776
Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03...
CVE-2022-34352
IBM QRadar SIEM 7.5.0 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. IBM X-Force ID: 230403...
CVE-2022-34352
CVE-2022-34352 affects IBM QRadar SIEM 7.5.0 where a delegated Admin tenant user with a specific domain security profile can see data from other domains. Root cause: information exposure due to an incomplete fix. Impact: information disclosure between tenants/data domains. Remediation: IBM adviso...
IBM QRadar SIEM Information Disclosure Vulnerability (CNVD-2023-11693)
IBM QRadar SIEM is a solution from IBM that leverages security intelligence to protect assets and information from advanced threats. IBM QRadar SIEM versions 7.4 and 7.5 contain an information disclosure vulnerability that originates when a non-tenant user assigned a domain-specific security...
CVE-2022-34351
IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allowing a non-tenant user with a specific domain security profile assigned to see some data from other domains. IBM X-Force ID: 230402...
CVE-2022-34351
IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allowing a non-tenant user with a specific domain security profile assigned to see some data from other domains. IBM X-Force ID: 230402...
Code injection
IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allowing a non-tenant user with a specific domain security profile assigned to see some data from other domains. IBM X-Force ID: 230402...
CVE-2022-34351
IBM QRadar SIEM vulnerable to information exposure (CVE-2022-34351) where a non-tenant user with a domain-specific security profile could view data from other domains in QRadar SIEM 7.4.x (7.4.0–7.4.3) and 7.5.x (7.5.0–7.5.0 Update Pack 3). The root cause is an information disclosure condition de...
IBM QRadar SIEM Information Disclosure Vulnerability
IBM QRadar SIEM is a solution from IBM that leverages security intelligence to protect assets and information from advanced threats. IBM QRadar SIEM versions 7.4 and 7.5 contain an information disclosure vulnerability that originates when a non-tenant user assigned a domain-specific security...
Security Bulletin: IBM QRadar SIEM is vulnerable to information exposure (CVE-2022-34351)
Summary IBM QRadar SIEM is vulnerable to information exposure allowing a non-tenant user with a specific domain security profile assigned to see some data from other domains. IBM QRadar SIEM has addressed the vulnerability. Vulnerability Details CVEID:CVE-2022-34351 DESCRIPTION: IBM QRadar SIEM i...
CVE-2021-28052
A Hitachi Content Platform (HCP) tenant administrator may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user (non-administrator) may view configuration in another tenant without authorization. Thi...
CVE-2021-28052
A Hitachi Content Platform (HCP) tenant administrator may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user (non-administrator) may view configuration in another tenant without authorization. Thi...
CVE-2020-8589
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs...