Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21395 PUBLISHED: 2023-01-27
Magento LTS (Long Term Support) is a community-developed alternative to the Magento CE official releases. Versions prior to 19.4.22 and 20.0.19 are vulnerable to Cross-Site Request Forgery. The password reset form is vulnerable to CSRF between the time the reset password link is clicked and user sub...
CVE-2022-48070 PUBLISHED: 2023-01-27
Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function.
CVE-2022-48071 PUBLISHED: 2023-01-27
Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext.
CVE-2022-48072 PUBLISHED: 2023-01-27
Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function.
CVE-2022-48073 PUBLISHED: 2023-01-27
Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext.
User Rank: Ninja
6/29/2019 | 11:04:35 PM
The Health Insurer does not have the expertise on staff to determine if the information was extracted from their database. If it took them 9 years, it is not surprising where they are in their forensic process (Anthem Insurance went through a similar situation).
Todd