🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
CVE-2021-37928

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

via "National Vulnerability Database".
CVE-2021-42071

In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the User-Agent HTTP header sent to cgi-bin/slogin/login.py.

via "National Vulnerability Database".
CVE-2021-40439

Apache OpenOffice has a dependency on the expat software. expat versions prior to 2.1.0 were subject to CVE-2013-0340, a "Billion Laughs" entity expansion denial-of-service attack exploitable via crafted XML files. ODF files consist of a set of XML files. All versions of Apache OpenOffice up to 4.1.10 are subject to this issue; the expat shipped in version 4.1.11 is patched.

via "National Vulnerability Database".
CVE-2021-37931

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

via "National Vulnerability Database".
CVE-2021-37762

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution.

via "National Vulnerability Database".
CVE-2021-37918

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

via "National Vulnerability Database".
CVE-2021-3833

The Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user with the MD5 hash stored in the database. An attacker with a specially formatted password could exploit this vulnerability to log in to the system with a different password.

via "National Vulnerability Database".
🕴 Former Google Employees Launch Supply Chain Security Startup 🕴

Chainguard aims to make the software supply chain secure by default as supply chain-focused attacks continue to rise.

via "Dark Reading".
🔏 Solving the Mid-Market Data Protection Challenge 🔏

Learn how Digital Guardian's Managed Security Program for Midsize Companies can help organizations improve their information security program, whatever the use case.

🦿 ExtraHop adds new threat hunting and network advisory services to Reveal(x) 360 NDR 🦿

The addition of Reveal(x) Advisor services to the Reveal(x) 360 network detection and response tools helps organizations proactively manage cybersecurity hygiene and accelerate incident response.

via "Tech Republic".
🦿 A holistic approach to vulnerability management solidifies cyberdefenses 🦿

Vulnerability scanners are not enough, according to an expert who champions an all-encompassing holistic approach to vulnerability management as a means to eliminate surprises.

via "Tech Republic".
CVE-2021-20571

IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199246.

via "National Vulnerability Database".
CVE-2021-20489

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 197790.

via "National Vulnerability Database".
CVE-2021-29700

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system. IBM X-Force ID: 200656.

via "National Vulnerability Database".
CVE-2021-20376

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568.

via "National Vulnerability Database".
CVE-2021-20372

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user's service due to insufficient permission checking. IBM X-Force ID: 195518.

via "National Vulnerability Database".
CVE-2021-20561

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199230.

via "National Vulnerability Database".
CVE-2021-20552

IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170.

via "National Vulnerability Database".
CVE-2021-41130

Extensible Service Proxy (ESP) is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. The verified JWT claim is passed to the application in the HTTP header "X-Endpoint-API-UserInfo", which the application can use for authorization. But if the client sends two "X-Endpoint-API-UserInfo" headers, ESPv1 only replaces the first one; the second one is passed through to the application. An attacker can send two "X-Endpoint-API-UserInfo" headers, the second one carrying a fake JWT claim, and the application may use the fake claim for authorization. This impacts the following ESPv1 usages: 1) users have configured ESPv1 to do JWT authentication with Google ID Token as described in the referenced Google Endpoints document; 2) the users' backend application uses the info in the "X-Endpoint-API-UserInfo" header for authorization. The issue has been fixed in v1.58.0. You need to patch it in the following ways: * If your Docker image is using tag ":1", restart the container to pick up the new version; the tag ":1" automatically points to the latest version. * If your Docker image tag pins a specific minor version, e.g. ":1.57", update it to ":1.58" and restart the container. There is no workaround for this issue.

via "National Vulnerability Database".
CVE-2021-20481

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197503.

via "National Vulnerability Database".
CVE-2021-20473

IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944.

via "National Vulnerability Database".