Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4873 PUBLISHED: 2021-01-19
IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 190836.
CVE-2020-4881 PUBLISHED: 2021-01-19
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname verification for SSL/TLS communication. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID...
CVE-2021-22498 PUBLISHED: 2021-01-19
XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product. The vulnerability affects versions 12.x, 12.60 Patch 5 and earlier, 15.0.1 Patch 2 and earlier and 15.5. The vulnerability could be exploited to allow an XML Exte...
CVE-2021-25323 PUBLISHED: 2021-01-19
The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password.
CVE-2021-25324 PUBLISHED: 2021-01-19
MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp.
User Rank: Apprentice
3/11/2014 | 10:32:47 AM
Even as a small IT Service company we have to go through PCI compliance. Are these big companies too big that they don't have anyone who can see the big picture? Do they perform 3rd party security audits? If so - why wasn't this found? If not - wow - they hold millions of credit card numbers and probably lots of Personal Information which must be protected - and they did nothing to think about security? Wow!