5 matches found
CVE-2023-25581
pac4j is a security framework for Java. pac4j-core prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the UserProfile class from pac4j-core. It can be exploited by providing an...
CVE-2022-43860
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. By performing an SQL injection an attacker could see user profile attributes through this interface. IBM X-Force ID: 239305...
PT-2024-12067 · Pac4J · Pac4J
Name of the Vulnerable Software and Affected Versions: pac4j versions prior to 4.0.0 Description: The vulnerability is a Java deserialization issue that affects systems storing externally controlled values in attributes of the UserProfile class from pac4j-core. It can be exploited by providing an...
CVE-2022-43860
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. By performing an SQL injection an attacker could see user profile attributes through this interface. IBM X-Force ID: 239305...
PT-2022-27036 · Ibm · Ibm Navigator For I
Name of the Vulnerable Software and Affected Versions: IBM Navigator for i versions 7.3 through 7.5 Description: The issue allows an authenticated user to obtain sensitive information they are authorized to, but not while using this interface, by performing an SQL injection. This could enable an...