Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-31883 | PUBLISHED: 2022-06-28 | Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users' API Keys, including the Admin API Keys.
CVE-2022-31885 | PUBLISHED: 2022-06-28 | Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts.
CVE-2022-31886 | PUBLISHED: 2022-06-28 | Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the user a malicious form.
CVE-2021-3430 | PUBLISHED: 2022-06-28 | Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr
CVE-2021-3431 | PUBLISHED: 2022-06-28 | Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9
User Rank: Ninja
6/30/2019 | 3:04:19 PM
I do think this is the future; we need to look into blockchain and how we can enhance our security posture when it relates to Bitcoin. I do think blockchain can help with areas of the supply chain, but that is for another conversation.