Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-0001PUBLISHED: 2023-02-08An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent.
CVE-2023-0002PUBLISHED: 2023-02-08A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.
CVE-2023-0003PUBLISHED: 2023-02-08A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.
CVE-2023-0748PUBLISHED: 2023-02-08Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.
CVE-2022-41620PUBLISHED: 2023-02-08Cross-Site Request Forgery (CSRF) vulnerability in SeoSamba for WordPress Webmasters plugin <= 1.0.5 versions.
User Rank: Ninja
6/12/2017 | 11:56:38 AM
The problem I have with massive commercial systems is the lack of availability to lab testers and FOSS developers to really put them to task and see what they can do. Too many of these expensive "Enterprise" systems come at such expense and require massive resources to properly deploy; not to mention the amount of time needed to even see results that might reflect well on what the product offers. OpenC2 represents hope to move in the other direction.
Appreciate you dropping this reference. And, I was checking out CybOX before it integrated with STIX, and that's how I first heard about OpenC2 when papers started popping up talking about CybOX and STIX in relation to OpenC2. Anyone with awareness of this whole body of code should be looking at OpenC2 closely over the next year...