6 results (0.131 seconds)

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17.0v24 allows non-administrative users to access and manipulate archive data via certain HTTP endpoints, aka LINK-2867. M-Link Archive Server en Isode M-Link R16.2v1 a R17.0 anterior a R17.0v24 permite a usuarios no administrativos acceder y manipular datos de archivo a través de ciertos endpoints HTTP, también conocidos como LINK-2867. • https://www.isode.com/support/security/advisory/m-link-incorrect-access-control-vulnerability-21-12-2022.html •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Isode M-Vault 16.0v0 through 17.x before 17.0v24 can crash upon an LDAP v1 bind request. Isode M-Vault 16.0v0 a 17.x anterior a 17.0v24 puede fallar ante una solicitud de enlace LDAP v1. • https://www.isode.com/support/security/advisory/m-vault-denial-of-service-21-12-2022.html •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor. This allows attackers to access sensitive information such as user credentials and certificates. Se ha detectado que Isode SWIFT versión v4.0.2, contiene credenciales embebidas en el Editor del Registro. Esto permite a atacantes acceder a información confidencial como credenciales de usuario y certificados • https://gtn.com.np/wp-content/uploads/2022/06/SWIFT-CVE-REQUEST.pdf https://swift.im/downloads.html https://www.isode.com/products/swift.html • CWE-798: Use of Hard-coded Credentials •

CVSS: 7.8EPSS: 1%CPEs: 5EXPL: 0

Isode M-Link before 16.0v7 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack. Isode M-Link anterior a 16.0v7 no restringe debidamente el procesamiento de elementos XML comprimidos, lo que permite a atacantes remotos causar una denegación de servicio (consumo de recursos) a través de una cadena XMPP manipulada, también conocido como un ataque "xmppbomb". • http://openwall.com/lists/oss-security/2014/04/07/7 http://openwall.com/lists/oss-security/2014/04/09/1 http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0

M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted. M-Link R14.6 antes de R14.6v14 y R15.1 antes de R15.1v10 no comprueba que se presente una solicitud para una respuesta XMPP Server Dialback, lo que permite a servidores remotos de XMPP falsificar dominios a través de las respuestas de dominios no confirmados. • http://isode.com/company/wordpress/xmpp-server-dialback http://xmpp.org/resources/security-notices/server-dialback • CWE-20: Improper Input Validation •