Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-35606 | PUBLISHED: 2022-08-18 | A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'customerCode.'
CVE-2022-35598 | PUBLISHED: 2022-08-18 | A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter username.
CVE-2022-35599 | PUBLISHED: 2022-08-18 | A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter productcode.
CVE-2022-35601 | PUBLISHED: 2022-08-18 | A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt.
CVE-2022-35602 | PUBLISHED: 2022-08-18 | A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter user.
User Rank: Author
2/6/2015 | 2:25:59 PM
The good money is that other attacks of this nature are underway in this sector. The only thing anyone seems to be doing about it is improving their PR response post breach.
Investment into solutions still seems to be standard. Even with overwhelming data, there doesn't seem to be much action. At least nothing being made public.
We need companies in all sectors to seriously look at their cyber risks and push for innovations to start creating solutions. They should demand new technology and back it up with investment.
Security vendors need to step their game up as well. There needs to be investment in developing solutions that will provide specialized solutions for attack vectors rather than focusing on pushing new devices like firewalls and IDS that will lower risk by .0009% each time a new model comes out.