Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-31884PUBLISHED: 2022-06-28Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys.
CVE-2022-31887PUBLISHED: 2022-06-28Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve Privilege Escalation by changing the administrator password.
CVE-2020-19896PUBLISHED: 2022-06-28File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php.
CVE-2020-19897PUBLISHED: 2022-06-28A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter.
CVE-2021-41559PUBLISHED: 2022-06-28Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
User Rank: Strategist
5/10/2019 | 6:21:22 PM
And to add to this, employers think that there are a plethora of experienced infosec guys out there and they make demands on "requirements" that just are not realistic. Many times asking for what would equate to multiple jobs. "Segregation of duties" anyone? I had an HR person tell me that I was not considered because I performed the duties they were after more than 5 years ago. Apparently they think that if you haven't done it lately, you clear your cache of any unused information. I actually asked one HR person, " Did you forget how to ride a bike?" She was stunned and didn't know how to answer that question.
So this article is just another journalistic waste of time, and waste of my time perusing it. Employers must consider a person's experience and allow some room for training/learning of new skills particular to their environment. That's the only way you are going to get past a couple of skills unless you work for a very small company and are doing it all.