Total
45 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-12161 | 1 Keycloak | 1 Keycloak | 2024-11-21 | N/A |
| It was found that keycloak before 3.4.2 final would permit misuse of a client-side /etc/hosts entry to spoof a URL in a password reset request. An attacker could use this flaw to craft a malicious password reset request and gain a valid reset token, leading to information disclosure or further attacks. | ||||
| CVE-2024-20476 | 2024-11-06 | 4.3 Medium | ||
| A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to upload files to a location that should be restricted. To exploit this vulnerability, an attacker would need valid Read-Only Administrator credentials. | ||||
| CVE-2024-43188 | 1 Ibm | 1 Business Automation Workflow | 2024-09-29 | 4.9 Medium |
| IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation. | ||||
| CVE-2024-44106 | 1 Ivanti | 2 Automation, Workspace Control | 2024-09-18 | 8.8 High |
| Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2024-42340 | 1 Cyberark | 1 Identity | 2024-08-30 | 8.3 High |
| CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security | ||||