Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-25329 PUBLISHED: 2021-03-01
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previousl...
CVE-2021-25122 PUBLISHED: 2021-03-01
When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request...
CVE-2021-27225 PUBLISHED: 2021-03-01
In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not authorized to access.
CVE-2021-27132 PUBLISHED: 2021-02-27
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
CVE-2021-25284 PUBLISHED: 2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
User Rank: Apprentice
6/9/2014 | 7:02:16 PM
Better security controls, better efficiencies, and better investment yield equal an advantage versus other companies who lose more data, see more breaches, have larger teams, and burn through ever increasing wads of cash.
The CEO of Target was fired not because their virtualization strategy was incomplete, or they lost a server, or the TCO and cost savings in reduced travel and better decision making through video conferencing did not compute. It was not really even due to his job performance. It was because they were less secure than Walmart, were not as efficient as Macy's, and did not get a good return on their investment(s) like Kohl's. Presuming Walmart is safe, Macy's is efficient, and Kohl's sees a good return.
Target was and may still be at a competitive disadvantage due to less relevant security controls, operational inefficiencies, and poor investment yield in reducing risk from their legacy controls.
Bottom line: If I am robbed less, protect myself better, do it more easily, and spend less doing it than the other guy, I am going to grow faster and be more profitable.
The real question business leaders should be asking security practitioners is "make my security a competitive advantage" versus "how do I get you to stop draining my pockets."