User Rank: Strategist
6/23/2015 | 7:28:41 AM
Firewalls are still a critical part of a company's defences, and dismissing them as a relic from a bygone era is unhelpful. Yes, you need to consider the modern challenges of cloud and mobile working, but not at the expense of your firewalls. Issues such as company data on personal devices and Dropbox need to be addressed in addition to securing the network with firewalls, not instead of.
I'm also tired of hearing people say that we should shrug our shoulders and accept that employees are going to keep company data on insecure personal devices regardless of company policies and so forth. Simply caving to the whims of users who don't care about security and expecting security professionals to work around them and find solutions is not good for anyone. Give your security policies some backbone and enforce them. Give your employees decent IT, at least as good as what they have at home, and make your security policies and guidance sensible and proportionate. Make mobile device management good enough to secure your data but not intrusive or onerous. If you do this there is no reason not to expect your users to work remotely in a sensible and secure manner.
Know how the cloud services you use secure your data. Know what they've got that's yours, where it is, how it is encrypted, backed up, how they'll handle a transfer if you change or quit their service, and so on.
None of this negates the need for firewalls. The firewall on its own won't keep you safe, but it's a key part of your defence in depth and you'd be foolish not to give it its due.