Total: 28 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2024-41738 | 1 IBM | 1 TXSeries for Multiplatforms | 2024-11-14 | 5.9 Medium | IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method used to process a request, which could be obtained using man-in-the-middle techniques. |
CVE-2024-38863 | | | 2024-10-15 | N/A | Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token that facilitates targeted phishing attacks. |
CVE-2023-25524 | 1 NVIDIA | 1 Omniverse Launcher | 2024-10-09 | 4 Medium | NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user's access token is displayed in the browser's address bar. An attacker could use this token to impersonate the user and access launcher resources. A successful exploit of this vulnerability may lead to information disclosure. |
CVE-2023-37935 | 1 Fortinet | 1 FortiOS | 2024-09-19 | 6.5 Medium | A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services. |
CVE-2020-5331 | 1 RSA | 1 Archer | 2024-09-17 | 8.8 High | RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contains an information exposure vulnerability. Users' session information could potentially be stored in cache or log files. An authenticated malicious local user with access to the log files may obtain the exposed information and use it in further attacks. |
CVE-2022-24414 | 1 Dell | 1 CloudLink | 2024-09-17 | 7.6 High | In Dell EMC CloudLink 7.1.3 and all earlier versions, the auth token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access the CloudLink server. Tokens should not be used in request URLs to avoid such attacks. |
CVE-2021-21594 | 1 Dell | 1 EMC PowerScale OneFS | 2024-09-16 | 8.2 High | Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of GET request method with sensitive query strings vulnerability. It can lead to potential disclosure of sensitive data. Dell recommends upgrading at your earliest opportunity. |
CVE-2022-22551 | 1 Dell | 1 EMC AppSync | 2024-09-16 | 8.3 High | Dell EMC AppSync versions 3.9 to 4.3 use the GET request method with sensitive query strings. An adjacent, unauthenticated attacker could potentially exploit this vulnerability and hijack the victim's session. |
CVE-2018-14822 | 1 Entes | 2 EMG-12, EMG-12 Firmware | 2024-09-16 | N/A | In Entes EMG12 versions 2.57 and prior, an information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user and execute arbitrary code. |
CVE-2017-9280 | 1 NetIQ | 1 Identity Manager | 2024-09-16 | N/A | Some NetIQ Identity Manager applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, Referer URLs or similar. |
CVE-2021-36328 | 1 Dell | 1 EMC Streaming Data Platform | 2024-09-16 | 8.8 High | Dell EMC Streaming Data Platform versions before 1.3 contain a SQL injection vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database. |
CVE-2019-18573 | 1 Dell | 1 RSA Identity Governance and Lifecycle | 2024-09-16 | 8.8 High | The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a session fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability, as the session token is exposed as part of the URL. A remote attacker can gain access to the victim's session and perform arbitrary actions with the privileges of the user within the compromised session. |
CVE-2023-6014 | 1 LF Projects | 1 MLflow | 2024-09-04 | 9.8 Critical | An attacker is able to arbitrarily create an account in MLflow, bypassing any authentication requirement. |
CVE-2024-31206 | | | 2024-08-26 | 8.2 High | dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In `dectalk-tts@1.0.0`, network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victim of a man-in-the-middle (MITM) attack. The network request was upgraded to HTTPS in version `1.0.1`. There are no workarounds, but some precautions include not sending any sensitive information and carefully verifying the API response before saving it. |
CVE-2023-6287 | 1 Tribe29 | 1 Checkmk Appliance Firmware | 2024-08-26 | 3.3 Low | Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows a local attacker to retrieve passwords by reading log files. |
CVE-2023-50954 | 1 IBM | 1 InfoSphere Information Server | 2024-08-21 | 4.3 Medium | IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: 275776. |
CVE-2024-32931 | 1 Johnson Controls | 1 exacqVision Web Service | 2024-08-09 | 5.7 Medium | Under certain circumstances the exacqVision Web Service can expose authentication token details within communications. |
CVE-2017-8443 | 1 Elastic | 1 Kibana | 2024-08-05 | N/A | In Kibana X-Pack security versions prior to 5.4.3, if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear in the URL bar. The credentials could then be viewed by untrusted parties or logged into the Kibana access logs. |
CVE-2023-32335 | | | 2024-08-05 | 3.7 Low | IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 store sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, the Referer header or browser history. IBM X-Force ID: 255075. |
CVE-2017-3185 | 1 ACTi | 1 Camera Firmware | 2024-08-05 | N/A | ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources. |