7.7
CVE-2024-43707 - Kibana exposure of sensitive information to an unauthorized actor
An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions.
4.3
CVE-2024-43710 - Kibana server-side request forgery
A server side request forgery vulnerability was identified in Kibana where the /api/fleet/health_check API could be used to send requests to internal endpoints. Due to the nature of the underlying request, only endpoints available over https that return JSON could be accessed. This can be carried oβ¦
0.0
CVE-2025-24300 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
7.1
CVE-2025-24030 - Envoy Admin Interface Exposed through prometheus metrics endpoint
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior tβ¦
5.3
CVE-2024-42187 - HCL BigFix Patch Download Plug-ins are affected by path traversal vulnerability
BigFix Patch Download Plug-ins are affected by path traversal vulnerability. The application could allow operators to download files from a local repository which is vulnerable to path traversal attacks.
2.8
CVE-2024-42186 - HCL BigFix Patch Download Plug-ins are affected by an insecure protocol support
BigFix Patch Download Plug-ins are affected by an insecure protocol support. The application can allow improper handling of SSL certificates validation.
6.4
CVE-2023-50309 - IBM Sterling B2B Integrator cross-site scripting
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0Β is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessβ¦
4.6
CVE-2023-32340 - IBM Sterling B2B Integrator cross-site scripting
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
2.5
CVE-2024-42185 - HCL BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML β¦
BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML injection attacks. This allows an attacker to exploit this vulnerability by injecting malicious XML content, which can lead to various issues including denial of service and unauthorized access.
2.5
CVE-2024-42184 - HCL BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme
BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme. It could allow a malicious operator to attempt to download files using the file:// URI scheme.