Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4873 PUBLISHED: 2021-01-19
IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 190836.
CVE-2020-4881 PUBLISHED: 2021-01-19
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname verification for SSL/TLS communication. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID...
CVE-2021-22498 PUBLISHED: 2021-01-19
XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product. The vulnerability affects versions 12.x, 12.60 Patch 5 and earlier, 15.0.1 Patch 2 and earlier and 15.5. The vulnerability could be exploited to allow an XML Exte...
CVE-2021-25323 PUBLISHED: 2021-01-19
The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password.
CVE-2021-25324 PUBLISHED: 2021-01-19
MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp.
User Rank: Apprentice
4/11/2014 | 5:34:40 PM
Most data breaches and data loss from public cloud platforms are the result of inadvertent user action. That informs a certain approach to discovery, classification, and control; there are well-known ways to create DLP policies that minimize the accidental breach risk, for example. Tom Scholtz over at Gartner has a really interesting take on the concept of people-centric security and how companies are using it to do this kind of work in a cloud-friendly way: http://my.gartner.com/portal/server.pt?open=512&objID=202&mode=2&PageID=5553&ref=webinar-rss&resId=2546716&srcId=1-2949089475