Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-26054 | PUBLISHED: 2022-07-04 | Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link.
CVE-2022-26368 | PUBLISHED: 2022-07-04 | Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet.
CVE-2022-27627 | PUBLISHED: 2022-07-04 | Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser.
CVE-2022-27661 | PUBLISHED: 2022-07-04 | Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow.
CVE-2022-27803 | PUBLISHED: 2022-07-04 | Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space.
User Rank: Ninja
6/30/2019 | 3:19:05 PM
Hmm, there are a few questions that cause me to pause:
Sounds to me like the application, network, web, DB and credit card groups failed to understand the concept of network segmentation. Where was the Enterprise Architect in this endeavor and what happened to the planning stages associated with DR (doesn't GDPR get involved with this issue and shouldn't they be penalized for this atrocity)?
Todd