Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-23077PUBLISHED: 2023-02-01Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.
CVE-2023-23078PUBLISHED: 2023-02-01Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.
CVE-2023-22287PUBLISHED: 2023-02-01** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2023-23073PUBLISHED: 2023-02-01Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component.
CVE-2023-23074PUBLISHED: 2023-02-01Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component.
User Rank: Apprentice
3/5/2014 | 4:22:07 PM
Whether she was up to the task of managing Target's Technology Services, or simply had to take the sword in what is proving to be a very costly hacking, only Target's insiders will know.
Her departure raises two questions. Are enterprises better served when a business (customer) champion is in charge of IT, so long as the IT team has the requisite talent, versus someone who came up through the tech ranks? (My sense is, with the right management skills, the answer is sure, why not?) The other question is, what are other CEOs across the nation doing to elevate IT security in their firms in the aftermath of the Target breach?
Target's CEO Gregg Steihafel certainly found out the hard way how costly it can be not being prepared for today's rapidly evolving cyber threats.