< ciso
brief />
Tag Banner

All news with #api authorization flaw tag

7 articles

Microsoft strengthens bot protections for Teams

🔒 Microsoft introduced a Teams admin policy that prevents third-party bots from joining meetings without organizer approval. The feature, announced earlier in the Microsoft 365 roadmap, will roll out across Windows, macOS, Android, and iOS for multi-tenant and GCC customers. When enabled, Teams detects potential bots, places them in the lobby, identifies them clearly, and prompts organizers to admit them. Microsoft plans further controls such as allow lists, blocking policies, and audit reports to enhance visibility and governance.
read more →

Gravity SMTP flaw exposes API keys and system data

🔒 A recently patched information disclosure flaw in the Gravity SMTP WordPress plugin (CVE-2026-4020) allows unauthenticated attackers to retrieve sensitive configuration data and API credentials via a misconfigured REST API endpoint. Wordfence observed exploit attempts beginning in May 2026 and blocking over 17 million requests, with activity spiking in early June. Site owners should update to version 2.1.5, rotate exposed credentials, and review logs for suspicious access from listed IPs.
read more →

ServiceNow patches unauthenticated API exposure risk

🔒 ServiceNow notified customers after remediating a vulnerability that allowed an unauthenticated API endpoint to return tenant data under certain configurations. The issue, first reported via the vendor’s bug bounty program in April, prompted hosted updates on June 5 and guidance for self-hosted deployments. ServiceNow says affected instances were a subset of tenants and that observed activity appears linked to security researchers, though investigation continues. Customers are urged to apply updates and review logs for signs of unauthorized access.
read more →

Cisco fixes CVSS 10.0 flaw in Secure Workload

🔒 Cisco issued updates for a maximum-severity vulnerability (CVE-2026-20223) in Secure Workload that allows unauthenticated, remote access to REST API endpoints. The flaw permits crafted API requests to read sensitive data and change configurations across tenant boundaries with Site Admin privileges. Affected versions include Release 3.9 and earlier (migrate), 3.10 (fixed in 3.10.8.3), and 4.0 (fixed in 4.0.3.17). Cisco discovered the issue internally and reports no evidence of exploitation in the wild.
read more →

Cisco fixes max-severity Secure Workload REST API flaw

🔒 Cisco released patches for a maximum-severity vulnerability in Secure Workload (formerly Tetration) that allowed unauthenticated attackers to gain Site Admin privileges by abusing internal REST APIs. The flaw, tracked as CVE-2026-20223, stems from insufficient validation and authentication of API endpoints and could let attackers read sensitive data and change configurations across tenant boundaries. Cisco provided fixed releases for on-premises deployments and has already remediated the issue in the SaaS offering; no workarounds exist.
read more →

SolisCloud API Authorization Bypass Affects Monitoring

⚠️ CISA warns of an authorization bypass (IDOR) in the SolisCloud Monitoring Platform affecting Cloud API and Device Control API v1 and v2. An authenticated user can access detailed plant data by manipulating the plant_id parameter, exposing sensitive information. The issue is tracked as CVE-2025-13932 with a CVSS v4 score of 8.3 and is remotely exploitable with low complexity. SolisCloud has not engaged with CISA; users should limit network exposure and follow CISA mitigation guidance.
read more →

Opto 22 groov View: API exposes user API keys and metadata

🔒 CISA warns that Opto 22's groov View API exposes API keys and user metadata through a users endpoint that returns keys for all accounts to any principal with an Editor role. The issue affects groov View Server for Windows R1.0a–R4.5d and GRV‑EPIC‑PR1/PR2 firmware prior to 4.0.3. Successful exploitation could disclose credentials, reveal keys, and enable privilege escalation; Opto 22 has released patches and recommends upgrading to Server R4.5e and firmware 4.0.3 alongside network-level mitigations.
read more →