30 matches found

Akamai Blog
added 2025/10/16 2:0 p.m., 14 views

The Differences Between API Gateway and WAAP — and Why You Need Both

...

AI score: 7
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-30085

Malicious code in bioql PyPI...

CVSS: 9.8, AI score: 9.2, EPSS: 0.00665
Exploits: 0, References: 2

Imperva Blog
added 2025/07/24 4:38 p.m., 6 views

Surges in Cyber Activity Accompany Regional Military Operations

Geopolitical events and military operations often trigger a cascade of online activity, both legitimate and malicious. Recent data from our global threat network highlights the strong connection between military escalations and cyberattacks, with the latest example unfolding in the Middle East...

AI score: 6.9
Exploits: 0

RedhatCVE
added 2025/05/23 3:27 a.m., 4 views

CVE-2023-26261

In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.0 and 6.5.6-patch15...

CVSS: 9.8, AI score: 7.5, EPSS: 0.00665
Exploits: 0, References: 1

Imperva Blog
added 2024/11/07 11:3 p.m., 9 views

Imperva: A Leader in WAAP

Imperva – a Thales company and leading provider of Web Application and API Protection (WAAP) solutions, is a force to be reckoned with in the cybersecurity landscape. Our comprehensive approach to security, encompassing database security, enterprise application security, bot management, DDoS...

AI score: 7.3
Exploits: 0

Akamai Blog
added 2024/10/10 1:0 p.m., 16 views

Beyond the Edge: Complementing WAAP with Always-On API Security

Learn best practices for API security — and explore why WAAP on its own isn’t enough...

AI score: 7
Exploits: 0

Imperva Blog
added 2024/08/12 1:0 p.m., 32 views

Imperva Security Efficacy and Operational Efficiency Leads the Industry in SecureIQLab’s Cloud WAAP Comparative Report

In the 2024 Cloud Web Application and API Protection (WAAP) CyberRisk Comparative Validation Report from SecureIQLab, Imperva outperformed all other vendors in both security efficacy and operational efficiency. This comprehensive report, based on third-party testing, demonstrates Imperva's commitme...

AI score: 7.2
Exploits: 0

Wallarm Lab
added 2024/07/10 5:50 a.m., 12 views

Polyfill.io Supply Chain Attack: Malicious JavaScript Injection Puts Over 100k Websites At Risk

Polyfill.io helps web developers achieve cross-browser compatibility by automatically managing necessary polyfills. By adding a script tag to their HTML, developers can ensure that features like JavaScript functions, HTML5 elements, and various APIs work across different browsers. Originally...

AI score: 6.5
Exploits: 0

Akamai Blog
added 2024/05/08 1:0 p.m., 9 views

Akamai Recognized as a Customers’ Choice for Cloud WAAP for the 5th Year

...

AI score: 7
Exploits: 0

Wallarm Lab
added 2024/05/06 11:11 a.m., 123 views

Tracking CVE-2024-2876: Why does the latest WordPress exploit compromise over 90,000 websites?

A highly concerning security loophole was recently discovered in a WordPress plugin called "Email Subscribers by Icegram Express," a popular tool utilized by a vast network of over 90,000+ websites. Officially designated as CVE-2024-2876 with a CVSS score of 9.8 critical, the vulnerability...

CVSS: 9.9, AI score: 8.4, EPSS: 0.93693
Exploits: 20

Imperva Blog
added 2024/03/04 2:36 p.m., 18 views

Why it Pays to Have a Comprehensive API Security Strategy

In an era dominated by digital connectivity and rapid technological advancements, Application Programming Interfaces (APIs) play a pivotal role in facilitating seamless communication and data exchange between diverse software applications. As API usage continues to grow, so does the need for robust...

AI score: 8.7
Exploits: 0

Wallarm Lab
added 2024/01/11 6:41 a.m., 15 views

Wallarm Named a Leader in GigaOm Radar for API Security

I am thrilled to share that Wallarm has been named a leader in the GigaOm Radar for API Security! We would like to share insights from the recent GigaOm 2023 API Security Radar report, particularly shining a spotlight on our Advanced API Security solution. The growing importance of APIs and API...

AI score: 6.9
Exploits: 0

Wallarm Lab
added 2023/11/21 3:59 p.m., 45 views

Unpacking the Zimbra Cross-Site Scripting Vulnerability (CVE-2023-37580)

Insights and Protections: On November 16, 2023, a significant security concern was published by Google's Threat Analysis Group (TAG). They revealed an alarming vulnerability in Zimbra Collaboration, a widely-used email hosting tool for organizations. This vulnerability, designated with an identifier...

CVSS: 5.8, AI score: 6.1, EPSS: 0.93918
Exploits: 0

OSV
added 2023/03/08 3:15 p.m., 2 views

CVE-2023-26261

In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.0 and 6.5.6-patch15...

CVSS: 9.8, AI score: 7.3, EPSS: 0.00665
Exploits: 0, References: 2

NVD
added 2023/03/08 3:15 p.m., 8 views

CVE-2023-26261

In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.0 and 6.5.6-patch15...

CVSS: 9.8, AI score: 9.8, EPSS: 0.00665
Exploits: 0, References: 2

Prion
added 2023/03/08 3:15 p.m., 12 views

Design/Logic Flaw

In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.0 and 6.5.6-patch15...

CVSS: 7.5, AI score: 9.7, EPSS: 0.00665
Exploits: 0, References: 2, Affected Software: 2

Positive Technologies
added 2023/03/08 12:0 a.m., 0 views

PT-2023-20570 · Ubika · Ubika Waap Gateway/Cloud

Name of the Vulnerable Software and Affected Versions: UBIKA WAAP Gateway/Cloud versions prior to 6.11.0; UBIKA WAAP Gateway/Cloud versions prior to 6.5.6-patch15. Description: A blind XPath injection issue leads to an authentication bypass by stealing the session of another connected user...

CVSS: 9.8, AI score: 9.7, EPSS: 0.00665
Exploits: 0, References: 7

CVE
added 2023/03/08 12:0 a.m., 50 views

CVE-2023-26261

Summary: CVE-2023-26261 affects Ubika WAAP Gateway/Cloud (up to v6.10). It describes a blind XPath injection that enables authentication bypass by stealing another user’s session. Impact: enables unauthorized session hijacking with high impact on confidentiality, integrity, and availability as pe...

CVSS: 9.8, AI score: 9.6, EPSS: 0.00665
Exploits: 0, References: 2, Affected Software: 2

Vulnrichment
added 2023/03/08 12:0 a.m., 4 views

CVE-2023-26261

In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.0 and 6.5.6-patch15...

AI score: 7.7, EPSS: 0.00665
Exploits: 0, References: 2

Cvelist
added 2023/03/08 12:0 a.m., 14 views

CVE-2023-26261

In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.0 and 6.5.6-patch15...

AI score: 10, EPSS: 0.00665
Exploits: 0, References: 2