In Idira Vendor PAM - Self-Hosted Connector versions prior to 1.1.100504, under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bullet
Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenario
Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentia
Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes. A local attacker could potentially bypass built-in security co
Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated u
Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially exec
Improper certificate validation in the PAM propagation WinRM connections allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification.
Due to incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privi
FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. A
An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Sid
Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Paylo
An issue was discovered in Ada Web Server 20.0. When configured to use SSL (which is not the default setting), the SSL/TLS used to establish connections to external services is done without proper hos
The improper order of AUTHORIZED_CTM_IP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent
An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious serve
A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 11). Affected applications do not properly validate client certificates to connect to License Service endpoint. T
CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security
Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, rem
It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificat
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a reflected cross-site script