CVE-2023-47142 IBM Tivoli Application Dependency Discovery Manager privilege escalation

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267...

IBM Tivoli Application Dependency Discovery Manager 权限许可和访问控制问题漏洞

IBM Tivoli Application Dependency Discovery Manager TADDM is a product in the suite of IT service management solutions from International Business Machines IBM. The product provides robust automated application mapping and discovery to help administrators understand the structure, state,...

Security Bulletin: IBM Tivoli Application Dependency Discovery Manager affected by multiple vulnerabilities.

Summary IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial of service due to multiple vulnerabilities. Vulnerability Details CVEID:CVE-2023-47143 DESCRIPTION: IBM Tivoli Application Dependency Discovery Manager is vulnerable to HTTP header injection, caused by improper...

CVE-2023-41301

Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally...

CVE-2023-41301

Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally...

CVE-2023-41301

CVE-2023-41301 describes a vulnerability in the PMS module enabling unauthorized API access, with exploitation potentially causing features to behave abnormally. The NVD entry lists a CVSS v3.1 base score of 7.5 (HIGH), with network attack vector, no privileges required, no user interaction, and ...

CVE-2023-41301

Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally...

PT-2023-27889 · Unknown · Pms Module

Name of the Vulnerable Software and Affected Versions: PMS module affected versions not specified Description: The issue concerns unauthorized API access in the PMS module, which may lead to abnormal feature performance upon successful exploitation. Recommendations: At the moment, there is no...

Ovarro TBox RTU 安全漏洞

Ovarro TBox RTUs is a modular remote monitoring and automation solution from Ovarro Germany. A security vulnerability exists in the Ovarro TBox RTUs that stems from a lack of authorization to run certain API commands, which could be exploited by an attacker to disclose sensitive information, such...

CVE-2022-27487

A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS...

CVE-2022-27487

A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS...

CVE-2022-27487

A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS...

KubeOperator 授权问题漏洞

KubeOperator is an open source, lightweight Kubernetes distribution focused on helping organizations plan, deploy, and operate production-grade K8s clusters. An authorization issue vulnerability exists in KubeOperator versions prior to 3.16.4, which stems from the API interacting with an...

Missing Authorization

KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds...

CVE-2022-1517

LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this...

CVE-2022-1517

LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this...

WordPress OptinMonster plugin <= 2.6.4 - Unprotected REST-API to Sensitive Information Disclosure and Unauthorized API access vulnerability

Unprotected REST-API to Sensitive Information Disclosure and Unauthorized API access vulnerability discovered by Chloe Chamberland WordFence in WordPress OptinMonster plugin versions = 2.6.4. Solution Update the WordPress OptinMonster plugin to the latest available version at least 2.6.5...

Cisco DNA Center 安全漏洞

Cisco DNA Center is a network management and command center service from Cisco USA. A security vulnerability exists in Cisco DNA Center that stems from improper access control to API endpoints. An attacker could exploit the vulnerability by sending specific API requests to the affected applicatio...

CVE-2021-22149

Elastic Enterprise Search App Search versions prior to 7.14.0 are affected by a missing authorization weakness for API keys via an alternate route, enabling an authenticated attacker to use API keys belonging to higher-privileged users. Root cause: API keys not properly bound/authorized in altern...

PYSEC-2021-344

OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To be vulnerable, a...