[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

251782

 
 

909

 
 

196543

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 250591 Download | Alert*

A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype.

A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.

A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL.

In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. Insecure umask setting was present throughout the Versa servers.

In VOS user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after the user successfully logs into the application. Failing to issue a new session ID following a successful login introduces the possibility for an attacker to set up a trap session on the device the victim is likely to login with.

In Versa Director, the un-authentication request found.

In Versa Analytics, the cron jobs are used for scheduling tasks by executing commands at specific dates and times on the server. If the job is run as the user root, there is a potential privilege escalation vulnerability. In this case, the job runs a script as root that is writable by users who are members of the versa group.

In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores.

In VOS compromised, an attacker at network endpoints can possibly view communications between an unsuspecting user and the service using man-in-the-middle attacks. Usage of unapproved SSH encryption protocols or cipher suites also violates the Data Protection TSR (Technical Security Requirements).

IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could allow an attacker to bypass the authentication configured by the administrator. IBM X-Force ID: 144656.


Pages:      Start    11140    11141    11142    11143    11144    11145    11146    11147    11148    11149    11150    11151    11152    11153    ..   25059

© SecPod Technologies