Free Trial

CVE-2023-3266 : CYBERPOWER POWERPANEL ENTERPRISE 2.6.0 LDAP AUTHENTICATION SECURITY CHECK

Description

A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected. An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator by selecting LDAP authentication from a hidden HTML combo box. Successful exploitation of this vulnerability also requires the attacker to know at least one username on the device, but any password will authenticate successfully.

References

https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html

For More Information

CVERecord

Common Vulnerabilityies and Exposures

CVE-2023-3266 : CYBERPOWER POWERPANEL ENTERPRISE 2.6.0 LDAP AUTHENTICATION SECURITY CHECK
CVE-2023-3266 : CYBERPOWER POWERPANEL ENTERPRISE 2.6.0 LDAP AUTHENTICATION SECURITY CHECK

Contact us to get started

CVE-2024-3319 : SAILPOINT IDENTITY SECURITY CLOUD TRANSFORM PREVIEW/IDENTITYPROFILE PREVIEW CODE INJECTION

CVE-2024-3319 : SAILPOINT IDENTITY SECURITY CLOUD TRANSFORM PREVIEW/IDENTITYPROFILE PREVIEW CODE INJECTION

Description An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed

Learn more
CVE-2024-4984 : YOAST SEO PLUGIN UP TO 22.6 ON WORDPRESS DISPLAY_NAME CROSS SITE SCRIPTING

CVE-2024-4984 : YOAST SEO PLUGIN UP TO 22.6 ON WORDPRESS DISPLAY_NAME CROSS SITE SCRIPTING

Description The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all

Learn more
CVE-2024-32888 : AWS AMAZON-REDSHIFT-JDBC-DRIVER UP TO 2.1.0.27 SQL INJECTION

CVE-2024-32888 : AWS AMAZON-REDSHIFT-JDBC-DRIVER UP TO 2.1.0.27 SQL INJECTION

Description The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard

Learn more