API - API Security Blog

EyesOfNetwork, a Restful API application, was detected on the remote host.Read More ...

July 27, 2022

Dataease before 1.11.2 allows arbitrary code execution via crafter plugin

An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin. Version 1.11.2 contains a patch for the problem.Read More ...

July 27, 2022

Dataease before 1.11.2 access control issue allows attackers to arbitrarily uninstall plugin

An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator. Version 1.11.2 co ...

July 27, 2022

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

## Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, Java SE and various other libraries. ## Vulnerability Details ** CVEID: **[CVE-2 ...

July 27, 2022

Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities

## Summary IBM Security Guardium Insights has addressed the following vulnerabilities. ## Vulnerability Details ** CVEID: **[CVE-2019-12399]() ** DESCRIPTION: **Apache Kafka could allow a remote attac ...

July 27, 2022

Join Qualys at Black Hat USA 2022!

![](https://blog.qualys.com/wp-content/uploads/2022/07/blackhat2022_Tradeshow_Email_Banner_Desktop_1216x530.jpg) Need to get more security? As a Titanium Sponsor of [**Black Hat USA 2022**]() Qualys w ...

July 27, 2022

CVE-2022-24405

OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API.Read More ...

July 27, 2022

CVE-2022-24406

OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls.Read More ...

July 27, 2022