Securing 3rd party API Integrations
When integrating with a third-party API, it's important to take security into consideration. Here are some key considerations to keep in mind: Authentication and Authorization:…
CVE-2023-26477 : XWIKI PRIOR 13.10.10/14.4.6/14.9-RC-1 REQUEST PARAMETER NEWTHEMENAME NEUTRALIZATION OF DIRECTIVES
Description XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and…
CVE-2023-0228 : ABB SYMPHONY PLUS S+ OPERATIONS UP TO 2.2/3.3 SP2 IMPROPER AUTHENTICATION
Description Improper Authentication vulnerability in ABB Symphony Plus S+ Operations allows Man in the Middle Attack. This issue affects Symphony Plus S+ Operations: from 2.X…
CVE-2023-0567 : PHP UP TO 8.0.27/8.1.15/8.2.2 BLOWFISH HASH PASSWORD_VERIFY UNKNOWN VULNERABILITY
Description In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such…
CVE-2022-45140 : WAGO COMPACT CONTROLLER CC100 WEB-BASED MANAGEMENT INTERFACE MISSING AUTHENTICATION
Description The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code…
CVE-2023-26605 : LINUX KERNEL 6.0.8 FS/FS-WRITEBACK.C INODE_CGWB_MOVE_TO_ATTACHED USE AFTER FREE
Description In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid. References https://lkml.org/lkml/2023/2/22/3 For More Information MITRE