Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3318PUBLISHED: 2021-01-27attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.
CVE-2020-5427PUBLISHED: 2021-01-27In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.
CVE-2020-5428PUBLISHED: 2021-01-27In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.
CVE-2021-20357PUBLISHED: 2021-01-27IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.
CVE-2020-4865PUBLISHED: 2021-01-27IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.
User Rank: Apprentice
1/13/2014 | 9:15:02 AM
Protecting your patterns
Hopefully, it won't come to the point of a breach in the first place. IBM and its partners are layering in "always aware" intelligence. You can't be in two places at once. So, if the smartphone you accidentally left at a restaurant is being fondled by fraudulent fingers, the pervasive system will recognize the offender's different touch pattern (even if your phone is unlocked) and lock your account.
In another example, imagine two purchases: $40 at a gas station, and $4,000 at Tiffany & Co. Today's fraud monitoring might see the diamond purchase as highly suspicious, and ignore the charge at the pump. But your digital guardian will know that your car has a near-full tank of fuel; that you don't usually re-fuel until you're down to about one quarter tank; not to mention that you're at the office when this charge appears. It will also know that you've been shopping for an engagement ring and have been spending your lunch hour window shopping outside the store.
This and other emerging learning systems will know you, help you, and protect you as we continue to generate more and more data, and put more and more of our lives online.