CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22155
https://notcve.org/view.php?id=CVE-2021-22155
An Authentication Bypass vulnerability in the SAML Authentication component of BlackBerry Workspaces Server (deployed with Appliance-X) version(s) 10.1, 9.1 and earlier could allow an attacker to potentially gain access to the application in the context of the targeted user’s account. Una vulnerabilidad de omisión de autenticación en el componente SAML Authentication de BlackBerry Workspaces Server (implementado con Appliance-X) versiones(s) 10.1, 9.1 y anteriores, podría permitir a un atacante conseguir acceso a la aplicación en el contexto de la cuenta del usuario objetivo • https://support.blackberry.com/kb/articleDetail?articleNumber=000078926 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 97%CPEs: 13EXPL: 8CVE-2020-11652 – SaltStack Salt Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2020-11652
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users. Se descubrió un problema en SaltStack Salt versiones anteriores a la versión 2019.2.4 y versiones 3000 anteriores a 3000.2. La clase ClearFuncs del proceso Salt-master permite acceder a algunos métodos que sanean inapropiadamente las rutas. • https://www.exploit-db.com/exploits/48421 https://github.com/ssrsec/CVE-2020-11651-CVE-2020-11652-EXP https://github.com/Al1ex/CVE-2020-11652 https://github.com/limon768/CVE-2020-11652-POC https://github.com/fanjq99/CVE-2020-11652 https://github.com/appcheck-ng/salt-rce-scanner-CVE-2020-11651-CVE-2020-11652 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html http://packetstormsecurit • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •