Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4873 PUBLISHED: 2021-01-19
IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 190836.
CVE-2020-4881 PUBLISHED: 2021-01-19
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname verification for SSL/TLS communication. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID...
CVE-2021-22498 PUBLISHED: 2021-01-19
XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product. The vulnerability affects versions 12.x, 12.60 Patch 5 and earlier, 15.0.1 Patch 2 and earlier and 15.5. The vulnerability could be exploited to allow an XML Exte...
CVE-2021-25323 PUBLISHED: 2021-01-19
The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password.
CVE-2021-25324 PUBLISHED: 2021-01-19
MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp.
User Rank: Ninja
4/7/2017 | 1:23:49 PM
Talk to most die-hard security pros -- the really good ones, and the ones who do nothing OTHER than cybersecurity for a living -- and their use of social networks is minimal (if not non-existent). Moreover, they put minimal -- if any -- true PII on those social networks. So their risk is already quite small.
Moreover, it is becoming increasingly the viewpoint of the top InfoSec pros and punditry that changing passwords frequently is NOT a best practice -- and can actually be detrimental.
The study may be headline grabbing, but I am unconcerned.