Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-21129PUBLISHED: 2023-01-31Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies.
CVE-2022-25881PUBLISHED: 2023-01-31This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
CVE-2022-25979PUBLISHED: 2023-01-31Versions of the package jsuites before 5.0.1 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the Editor() function.
CVE-2022-4898PUBLISHED: 2023-01-31
In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07 however it was identified that the fix could be bypassed in certain circumstances. A different approach was taken t...
CVE-2022-4041PUBLISHED: 2023-01-31Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1.
User Rank: Apprentice
5/21/2018 | 12:37:07 PM
Rob Clyde with ISACA recently noted their research on the topic: https://www.linkedin.com/pulse/isaca-data-diversity-issues-rob-clyde/
"An overall 31-point gap was found when it came to male and female perceptions of career advancement opportunities for women, compared to a 10-point gap for those with diversity programs in place within their organization"
If there continues to be a perception that women do not have the same advancement opportunities as men in IT and cyber security, fewer are likely choose to pursue it as a career path. ISACA research data indicates that programs may help or at least change perceptions about advancement opportunities. Programs are a start, but I do not think that they alone can drive the shift that is needed. The points raised about merit and hiring the best candidate are solid ones, yet there's a need for cyber security leaders take action to address both the perceptions and realities of the issue so that we have a larger talent pool of both women and men to fill the need for cyber security professionals.
Full report from ISACA at: https://cybersecurity.isaca.org/state-of-cybersecurity