Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3318 | PUBLISHED: 2021-01-27 | attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.
CVE-2020-5427 | PUBLISHED: 2021-01-27 | In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.
CVE-2020-5428 | PUBLISHED: 2021-01-27 | In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.
CVE-2021-20357 | PUBLISHED: 2021-01-27 | IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.
CVE-2020-4865 | PUBLISHED: 2021-01-27 | IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.
User Rank: Moderator
1/7/2014 | 1:57:04 PM
I agree that "Business systems are launched and retired faster than security teams can identify, analyze, and track", but I think that data is more constant.
I agree that "Risks are implicitly accepted by business sponsors during design, development, and operation, but mitigated only when pressed by security and risk management", but I think that security should be built into the data values.
I agree that "Security policies are enforced primarily by manually executed audits and processes", but I think that they should instead be automated.
I agree that "Scaling today's information security and risk management problems to cloud velocity is untenable", but I found interesting news in a report from the Aberdeen Group that "saw a big advantage in performance" and also scalability over traditional security methods.
The report also revealed that "Over the last 12 months, tokenization users had 50% fewer security-related incidents (e.g., unauthorized access, data loss or data exposure) than tokenization non-users". Nearly half of the respondents (47%) are currently using tokenization for something other than credit card data. The name of the study, released a few months ago, is "Tokenization Gets Traction".
I think that the Aberdeen approach based on data tokenization is an interesting data security method for Cloud data.
Ulf Mattsson, CTO Protegrity.