Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-34876PUBLISHED: 2022-07-05
SQL Injection vulnerability in admin interface (/vicidial/admin.php) of VICIdial via modify_email_accounts, access_recordings, and agentcall_email parameters allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or mak...
CVE-2022-34877PUBLISHED: 2022-07-05
SQL Injection vulnerability in AST Agent Time Sheet interface ((/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavail...
CVE-2022-34878PUBLISHED: 2022-07-05
SQL Injection vulnerability in User Stats interface (/vicidial/user_stats.php) of VICIdial via the file_download parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and bec...
CVE-2022-34879PUBLISHED: 2022-07-05Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via agent, and search_archived_data parameters. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.
CVE-2022-31770PUBLISHED: 2022-07-05IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221.
User Rank: Ninja
7/25/2019 | 8:07:12 AM
If we look at this statement, this could affect company's bottom lines because of the sheer volume of data being sent across the network; cloud providers like IBM and Google will protect customers but AWS and Azure will charge customers for ingress data streams. There are organizations that provide a level of protection from a DDoS standpoint but that should be a service provided by the CSP, some of the organizations that help mitigate the problem that is listed on the market place are: (DDoS Protection Companies):
A boatload of others can be found on the link; however, if companies utilized marketplace vendors to address this problem, they will still be charged because of the application is found inside of the Virtual Gateway (VGW), since they are using quasi radius method of accounting, the organizations who have purchased internal marketplace solutions will still be affected; those that have purchased external DDoS solutions (i.e Akamai or CloudFlare) won't feel the financial crunch as much as others, this will be more of an insurance policy.
Todd