Total
66 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-18573 | 1 Dell | 1 Rsa Identity Governance And Lifecycle | 2024-11-21 | 8.8 High |
| The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability as the session token is exposed as part of the URL. A remote attacker can gain access to victim’s session and perform arbitrary actions with privileges of the user within the compromised session. | ||||
| CVE-2018-5467 | 1 Belden | 134 Hirschmann M1-8mm-sc, Hirschmann M1-8sfp, Hirschmann M1-8sm-sc and 131 more | 2024-11-21 | N/A |
| An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user. | ||||
| CVE-2018-14822 | 1 Entes | 2 Emg-12, Emg-12 Firmware | 2024-11-21 | N/A |
| Entes EMG12 versions 2.57 and prior an information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user and execute arbitrary code. | ||||
| CVE-2017-9280 | 1 Netiq | 1 Identity Manager | 2024-11-21 | N/A |
| Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar. | ||||
| CVE-2024-41738 | 1 Ibm | 1 Txseries For Multiplatforms | 2024-11-14 | 5.9 Medium |
| IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques. | ||||
| CVE-2024-32931 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2024-08-09 | 5.7 Medium |
| Under certain circumstances the exacqVision Web Service can expose authentication token details within communications. | ||||