ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket service of the ONLYOFFICE document editor which is protected by JWT a ...
January 23, 2023
It is possible to manipulate the JWT token without the knowledge of the JWT secret and authenticate without valid JWT token as any user. This is happening only in the situation when zOSMF doesn't ...
January 18, 2023
# CVE 2022-23540 In versions `Read More ...
January 17, 2023
# CVE-2022-23529 The JSON Web Token (JWT) library versions prio...Read More ...
January 16, 2023
# Description `PUT /api/v1/users/{id}` API doesn't properly check the authorization. # Proof of Concept 1. [admin] Enable user registration functionality. 2. [user] Register new user and login as them. ...
January 14, 2023
Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker ...
January 14, 2023
## Summary A vulnerability in jwt-go affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data. Please see below for steps to address this issue. ## Vulnerability Details ** CVEID: **[CV ...
January 13, 2023
## Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructi ...
January 12, 2023