Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4815PUBLISHED: 2021-01-27IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system.
CVE-2020-4816PUBLISHED: 2021-01-27
IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-For...
CVE-2020-4820PUBLISHED: 2021-01-27IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2020-4967PUBLISHED: 2021-01-27IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. IBM X-Force ID: 192425.
CVE-2020-36012PUBLISHED: 2021-01-27Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field.
User Rank: Apprentice
8/22/2018 | 12:57:36 PM
It comes under configuration management.
Security needs to be abstracted away from business requirements.
Its a given in IoT.
Example used here already people 2016
https://www.wolfssl.com/wolfmqtt-v0-3-and-mqtt-secure-firmware-update-example/
https://www.wolfssl.com/docs/atmel/
My own IoT design's are designed to show the IT world how to do SECURITY.
In hardware. Like U2F from FIDO/FIDO2 for humans.
508a/608a or SAML11 for your edge nodes.
SAML11 for youre secure IoT hub talking MQTT over HTTPS.
It does not matter if your IP security fails.
The data is protected by hardware security.
Your heart beat system will tell you of DOS on your IP part.
ONLY PUBLIC KEYS are in the wild in secure IoT systems.