Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5148PUBLISHED: 2021-03-05
SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewall a...
CVE-2020-36255PUBLISHED: 2021-03-05An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel) before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens.
CVE-2019-18351PUBLISHED: 2021-03-05
An issue was discovered in channels/chan_sip.c in Sangoma Asterisk through 13.29.1, through 16.6.1, and through 17.0.0; and Certified Asterisk through 13.21-cert4. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijac...
CVE-2021-27963PUBLISHED: 2021-03-05SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or session header.
CVE-2021-27964PUBLISHED: 2021-03-05SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file.
User Rank: Apprentice
1/12/2021 | 4:52:48 AM
When adopting cloud solutions, many organizations fail to balance the benefits of the cloud against the cloud security threats and challenges they may face.
But the major question to ask is, who is responsible for security in the cloud?
Being an entrepreneur I had to go through the same especially in this lockdown. I also tried many solutions but it was expensive for a start-up like mine. I finally landed in some free solutions with a limited number of otp users and quite satisfied till now.