59 matches found
Disabled and non-configurable TLS certificate validation in n2os-tui when connecting the Remote Collector to a Guardian or CMC, in Remote Collector before v26.2.0
Summary When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. Impact A malicious actor could perform a man-in-the-middle attack and intercept the...
Open Redirect in SAML Single Sign-On in Guardian/CMC before 26.2.0
Summary An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. Impact An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for...
Missing authentication in SSH keys synchronization endpoint in Guardian/CMC before 26.2.0
Summary A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. Impact An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the...
Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0
Summary A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. Impact An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing...
Incorrect authorization for CLI in Guardian/CMC before 25.2.0
Summary An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. Impact An authenticated user with limited privileges can issue administrative CLI commands, altering the device...
Client-side path traversal in Guardian/CMC before 25.2.0
Summary A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter. Impact An authenticated user with limited privileges can craft a malicious URL which, if visited by an authenticated victim, leads to a...
Authenticated SQL Injection on CLI functionality in Guardian/CMC before 25.3.0
Summary A SQL Injection vulnerability was discovered in the CLI functionality due to improper validation of an input parameter. Impact An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthoriz...
CSV Injection on node label
Summary CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. An authenticated malicious user can insert a crafted formula in the node label that can be later executed on another system after another user has downloaded and opened the node li...
Stored XSS in field name data model
Summary An attacker with admin access to the appliance can inject malicious code that will later be executed by another legitimate users. This allows an attacker to perform unauthorized actions on behalf of legitimate users. JavaScript injection was possible using the field name when adding new...