Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-31884PUBLISHED: 2022-06-28Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys.
CVE-2022-31887PUBLISHED: 2022-06-28Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve Privilege Escalation by changing the administrator password.
CVE-2020-19896PUBLISHED: 2022-06-28File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php.
CVE-2020-19897PUBLISHED: 2022-06-28A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter.
CVE-2021-41559PUBLISHED: 2022-06-28Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
User Rank: Apprentice
5/21/2018 | 12:37:07 PM
Rob Clyde with ISACA recently noted their research on the topic: https://www.linkedin.com/pulse/isaca-data-diversity-issues-rob-clyde/
"An overall 31-point gap was found when it came to male and female perceptions of career advancement opportunities for women, compared to a 10-point gap for those with diversity programs in place within their organization"
If there continues to be a perception that women do not have the same advancement opportunities as men in IT and cyber security, fewer are likely choose to pursue it as a career path. ISACA research data indicates that programs may help or at least change perceptions about advancement opportunities. Programs are a start, but I do not think that they alone can drive the shift that is needed. The points raised about merit and hiring the best candidate are solid ones, yet there's a need for cyber security leaders take action to address both the perceptions and realities of the issue so that we have a larger talent pool of both women and men to fill the need for cyber security professionals.
Full report from ISACA at: https://cybersecurity.isaca.org/state-of-cybersecurity