Total: 47 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-6531 | 1 Kunbus | 2 Pr100088 Modbus Gateway, Pr100088 Modbus Gateway Firmware | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
An attacker could retrieve passwords from an HTTP GET request from the Kunbus PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) if the attacker is in an MITM position. | |||||
CVE-2019-18573 | 1 Dell | 1 Rsa Identity Governance And Lifecycle | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability as the session token is exposed as part of the URL. A remote attacker can gain access to the victim’s session and perform arbitrary actions with privileges of the user within the compromised session. | |||||
CVE-2018-5467 | 1 Belden | 134 Hirschmann M1-8mm-sc, Hirschmann M1-8sfp, Hirschmann M1-8sm-sc and 131 more | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user. | |||||
CVE-2018-14822 | 1 Entes | 2 Emg-12, Emg-12 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In Entes EMG12 versions 2.57 and prior, an information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user and execute arbitrary code. | |||||
CVE-2017-9280 | 1 Netiq | 1 Identity Manager | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, Referer URLs or similar. | |||||
CVE-2024-41738 | 1 Ibm | 1 Txseries For Multiplatforms | 2024-11-14 | N/A | 5.9 MEDIUM |
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method used to process a request, which could be obtained using man-in-the-middle techniques. | |||||
CVE-2024-32931 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2024-08-09 | N/A | 5.7 MEDIUM |
Under certain circumstances the exacqVision Web Service can expose authentication token details within communications. |