User Rank: Apprentice
6/9/2014 | 7:02:16 PM
Better security controls, better efficiencies, and better investment yield equal an advantage versus other companies who lose more data, see more breaches, have larger teams, and burn through ever-increasing wads of cash.
The CEO of Target was fired not because their virtualization strategy was incomplete, or they lost a server, or the TCO and cost savings in reduced travel and better decision making through video conferencing did not compute. It was not really even due to his job performance. It was because they were less secure than Walmart, were not as efficient as Macy's, and did not get a good return on their investment(s) like Kohl's. Presuming Walmart is safe, Macy's is efficient, and Kohl's sees a good return.
Target was and may still be at a competitive disadvantage due to less relevant security controls, operational inefficiencies, and poor investment yield in reducing risk from their legacy controls.
Bottom line: if I am robbed less, protect myself better, do it more easily, and spend less doing it than the other guy, I am going to grow faster and be more profitable.
The real question business leaders should be asking security practitioners is "make my security a competitive advantage" versus "how do I get you to stop draining my pockets."