Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-23750PUBLISHED: 2023-02-01An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages.
CVE-2023-23751PUBLISHED: 2023-02-01An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs.
CVE-2022-37033PUBLISHED: 2023-02-01
In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Because there is no re...
CVE-2022-3913PUBLISHED: 2023-02-01
Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept communications to the legitimate...
CVE-2022-45782PUBLISHED: 2023-02-01An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover.
User Rank: Author
2/26/2019 | 7:36:41 PM
Abandon the "permitted by default" network model. Endpoints must prove to networks that they are ready to be exposed to anything beyond their immediate neighborhood. Moderate access requires only basic proof of hygeine, while a new Internet-facing web server (or container) must demonstrate being hardened and ready before the flood gates are opened.