Mar 24 2025

CVE-2018-1528 – IBM Maximo Asset Management could allow an authenticated user to obtain sensitive information from the WhoAmI API


Author: Shafeeque Olassery Kunnikkal | Category: CVE-2018-1528, Cyber Security, Penetration Testing, Uncategorized

Reported this vulnerability while doing penetration testing of IBM Maximo Asset Management software. Summary: IBM Maximo Asset Management could allow an authenticated user to obtain sensitive information from the WhoAmI API. This vulnerability affects the following versions of the IBM Maximo Asset Management core product, and all other IBM Maximo Industry Solution and IBM…..

Mar 23 2025

CVE-2018-5798 – Cross-site scripting vulnerability in Cloudera Manager – Part 2


Author: Shafeeque Olassery Kunnikkal | Category: Cross Site Scripting, CVE-2018-5798, Cyber Security

Below are the details of the reflected XSS I have found in Cloudera Enterprise. More details can be found here: https://www.cloudera.com/documentation/other/securitybulletins/topics/Security-Bulletin.html#DOCS-3186 Log in to Cloudera Manager using credentials admin:admin. 1. Navigate to the following URL, which includes the XSS payload.

Mar 23 2025

CVE-2018-5798 – Cross-site scripting vulnerability in Cloudera Manager – Part 1


Author: Shafeeque Olassery Kunnikkal | Category: Cross Site Scripting, CVE-2018-5798, Cyber Security, Vulnerability Assessment

Below are the details of the reflected XSS I have found in Cloudera Enterprise. Multiple XSS issues were reported, and I will be publishing the details in subsequent posts. More details can be found here: https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#DOCS-3186 Log in to Cloudera Manager using credentials admin:admin or cloudera:cloudera. We need to intercept the HTTP traffic so launch…..
