CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38723
https://notcve.org/view.php?id=CVE-2022-38723
Gravitee API Management before 3.15.13 allows path traversal through HTML injection. Gravitee API Management anterior a 3.15.13 permite path traversal mediante inyección de HTML. • https://community.gravitee.io/t/whats-new-in-access-management-3-15-lts/164 https://gist.github.com/garatc/d86cdb1fa2e35a7ee719d9a0de0b5ca3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2013-0559
https://notcve.org/view.php?id=CVE-2013-0559
Unspecified vulnerability in IBM API Management 2.0 before 2.0.0.1 allows remote attackers to access tenant APIs, and consequently obtain sensitive information or modify data, via unknown vectors. Vulnerabilidad no especificada en IBM API Management v2.0 anterior a v2.0.0.1 permite a atacantes remotos acceder a determinadas APIs, y consecuentemente obtener información sensible o modificar los datos, mediante vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg1LI77499 http://www.ibm.com/support/docview.wss?uid=swg21643847 https://exchange.xforce.ibmcloud.com/vulnerabilities/85557 •