Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access
A user with administrator privileges is able to retrieve authentication tokens
Backup uploads to ETM subject to man-in-the-middle interception
Specially constructed queries targeting ETM could discover active remote access sessions
A user with administrator privileges can perform command injection
A user with advanced report application access rights can perform actions for which they are not authorized
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token
The administrator is able to configure an insecure captive portal script
Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bo
Insufficient Session Expiration (CWE-613) in the Web Admin Panel in AxxonSoft Axxon One (C-Werk) prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed
The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) implements a broken authentication mechanism in its web management interface. The login page does not properly enforce session validation, al
WGS-80HPT-V2 and WGS-4215-8T2S are missing authentication that could
allow an attacker to create an administrator account without knowing any
existing credentials.
An issue in ETSI Open-Source MANO (OSM) 14.0.x before 14.0.3, 15.0.x before 15.0.2, 16.0.0, and 17.0.0 allows a remote authenticated attacker to escalate privileges via the /osm/admin/v1/users compone
An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the "/user" endpoint
A security vulnerability was identified in Obsidian Scheduler's REST API 5.0.0 thru 6.3.0. If an account is locked out due to not enrolling in MFA (e.g. after the 7-day enforcement window), the REST A
Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager.
HCL iAutomate is affected by an insufficient session expiration. This allows tokens to remain valid indefinitely unless manually revoked, increasing the risk of unauthorized access.
A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).
An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials.
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users from gro
Page 1+ Next →