Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security

Careers and People

Identity & Access Management

Security Monitoring

Advanced Threats

Insider Threats

Vulnerability Management

To InformationWeek

Network Computing Dark Reading

Advertise

Author

Profile of Jon Oltsik

Senior Principal Analyst & Fellow, Enterprise Strategy Group

Member Since: 8/26/2019
Author
News & Commentary Posts: 3
Comments: 0

Jon Oltsik is an ESG senior principal analyst, an ESG fellow, and the founder of the firm's cybersecurity service. With over 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.

Articles by Jon Oltsik

View Content By Month

The Realities of Extended Detection and Response (XDR) Technology

2/24/2021
While the term XDR has become pervasive, the technology and market remain a work in progress with lots of innovation and market confusion.
Post a Comment

Big Changes Are Coming to Security Analytics & Operations

12/11/2019
New ESG research points to fundamental problems, a need for scalable security data pipelines, and a migration to the public cloud.
Post a Comment

3 Promising Technologies Making an Impact on Cybersecurity

9/3/2019
The common thread: Each acts as a force multiplier, adding value to every other security technology around it.
Post a Comment

Editors' Choice

FluBot Malware's Rapid Spread May Soon Hit US Phones

Kelly Sheridan, Staff Editor, Dark Reading, 4/28/2021

7 Modern-Day Cybersecurity Realities

Steve Zurier, Contributing Writer, 4/30/2021

How to Secure Employees' Home Wi-Fi Networks

Bert Kashyap, CEO and Co-Founder at SecureW2, 4/28/2021

Dark Reading June 24 Virtual Event a free, all-day online conference. LEARN MORE

Finding & Stopping Enterprise Data Breaches - June 24 - Dark Reading Virtual Event

More Informa Tech Live Events

White Papers

Hidden Costs of Endpoint Security

The Definitive Buyer's Guide for Managed Threat Detection and Response Services

Tech Insights: Detecting and Preventing Insider Data Leaks

Are We Cyber-Resilient? The Key Question Every Organization Must Answer

New Cybersecurity Paradigm

More White Papers

Cartoon Contest

Write a Caption, Win an Amazon Gift Card! Click Here

Latest Comment: On that night, lost in the middle of nowhere, the Jones realized they had reached the "outer limits" of their computer knowledge and there was ...

Cartoon Archive

Current Issue

2021 Top Enterprise IT Trends

We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!

Download This Issue!

Back Issues | Must Reads

Flash Poll

Battle for the Endpoint

Battle for the Endpoint

How to build a new cyber strategy for 2021 and beyond.

How Enterprises are Developing Secure Applications

Assessing Cybersecurity Risk in Today's Enterprises

The Malware Threat Landscape

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Dark Reading - Bug Report

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2021-23009
PUBLISHED: 2021-05-10

On BIG-IP version 16.0.x before 16.0.1.1 and 15.1.x before 15.1.3, malformed HTTP/2 requests may cause an infinite loop which causes a Denial of Service for Data Plane traffic. TMM takes the configured HA action when the TMM process is aborted. There is no control plane exposure, this is a data plan...

CVE-2021-23010
PUBLISHED: 2021-05-10

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and 12.1.x before 12.1.5.3, when the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON payloads using the default JSON Content Profile in the ASM Security Policy, the BIG-IP ...

CVE-2021-23012
PUBLISHED: 2021-05-10

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the system support functionality may allow users granted either "Resource Administrator" or "Administrator" roles to execute...

CVE-2021-23014
PUBLISHED: 2021-05-10

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, and 14.1.x before 14.1.4, BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the REST API which might allow Authenticated users with guest privileges to upload files. Note: Software ve...

CVE-2021-23015
PUBLISHED: 2021-05-10

On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 through 13.1.3.6, and all versions of 16.0.x, when running in Appliance Mode, an authenticated user assigned the 'Administrator' role may be able to bypass Appliance Mode restrictions utilizing undisclosed iControl REST endpoints. Note...

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]