Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
api gateway vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-38368
An issue exists in Aviatrix Gateway prior to 6.6.5712 and 6.7.x prior to 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands.
Aviatrix Gateway
9.8
CVSSv3
CVE-2022-32563
An issue exists in Couchbase Sync Gateway 3.x prior to 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client cert...
Couchbase Sync Gateway
1 Github repository
NA
CVE-2015-7412
The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x prior to 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote malicious users to obtain plaintext data v...
Ibm Datapower Gateway
6.5
CVSSv3
CVE-2023-4400
A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x before 11.2.14, 10.x before 10.2.25 and controlled release 12.x before 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API....
Skyhighsecurity Secure Web Gateway
9.8
CVSSv3
CVE-2019-9039
In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey" on the ...
Couchbase Sync Gateway 2.1.2
7.5
CVSSv3
CVE-2021-22955
A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an malicious user to cause a temporary disruption of the Management GUI, Nitro API, and RPC co...
Citrix Application Delivery Controller Firmware
Citrix Gateway
7.5
CVSSv3
CVE-2021-22956
An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RP...
Citrix Application Delivery Controller Firmware
Citrix Gateway
Citrix Sd-wan
7.4
CVSSv3
CVE-2015-8597
Open redirect vulnerability in Blue Coat ProxySG 6.5 prior to 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a "clear ...
Bluecoat Proxysg
Bluecoat Advanced Secure Gateway 6.6
9.8
CVSSv3
CVE-2019-14540
A Polymorphic Typing issue exists in FasterXML jackson-databind prior to 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
Fasterxml Jackson-databind
Netapp Steelstore Cloud Integrated Storage -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Api Services -
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Jboss Enterprise Application Platform 7.2
Redhat Jboss Enterprise Application Platform 7.3
Oracle Retail Xstore Point Of Service 15.0
Oracle Primavera Unifier 16.2
Oracle Banking Platform 2.4.0
Oracle Retail Xstore Point Of Service 7.1
Oracle Banking Platform 2.4.1
Oracle Primavera Gateway 16.2
Oracle Primavera Gateway 15.2
Oracle Banking Platform 2.5.0
Oracle Primavera Unifier 16.1
Oracle Weblogic Server 12.2.1.3.0
Oracle Retail Xstore Point Of Service 16.0
2 Github repositories
NA
CVE-2015-7996
The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway prior to 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow malicious users to obtain cre...
Citrix Netscaler Application Delivery Controller Firmware 10.1
Citrix Netscaler Application Delivery Controller Firmware 10.5
Citrix Netscaler Service Delivery Appliance Service Vm 10.5e
Citrix Netscaler Gateway Firmware 10.5
Citrix Netscaler Gateway Firmware 10.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »