7661 matches found
CVE-2017-10058
CVE-2017-10058 affects Oracle Fusion Middleware’s Oracle BI Enterprise Edition (Analytics Web Administration). Affected: 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0. The vulnerability allows a high-privilege attacker with network access via HTTP to compromise BI EE, with attacks requiring user interaction...
CVE-2017-10191
CVE-2017-10191 describes a vulnerability in Oracle E-Business Suite’s Web Analytics (Common Libraries). Affected versions: 12.1.1, 12.1.2, 12.1.3, 12.2.3–12.2.6. The flaw allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Analytics, with human interaction req...
CVE-2017-10044
The CVE-2017-10044 entry concerns Oracle Hospitality Reporting and Analytics (Reporting subcomponent) within Oracle Hospitality Applications. Affected versions are 8.5.1 and 9.0.0. The vulnerability is exploitable over the network via HTTP by a low-privilege attacker and can lead to unauthorized ...
CVE-2017-10000
CVE-2017-10000 affects Oracle Hospitality Reporting and Analytics (subcomponent: Reporting) in Oracle Hospitality Applications. Affected versions are 8.5.1 and 9.0.0. The vulnerability is exploitable by a low-privileged attacker with network access via HTTP and can result in a denial of service b...
CVE-2017-10097
CVE-2017-10097 relates to Oracle Hospitality Reporting and Analytics (Reporting subcomponent) within Oracle Hospitality Applications. Affected versions are 8.5.1 and 9.0.0. The vulnerability allows an unauthenticated attacker with network access over HTTP to compromise the component, with exploit...
CVE-2017-10044
Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Reporting). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromis...
PHP vulnerabilities CVE-2017-9226 and CVE-2017-7890
F5 Product Development has evaluated the currently supported releases for potential vulnerability. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the...
OSIsoft PI Integrator
CVSS v3 9.8. ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: OSIsoft. Equipment: PI Integrator. Vulnerabilities: Cross-Site Scripting, Improper Authorization. AFFECTED PRODUCTS: The following versions of PI Integrator, a data management platform, are affected: PI Integrator for SAP...
Oracle Hospitality Reporting and Analytics Denial of Service Vulnerability
Oracle Hospitality Applications is a suite of business applications, servers, and storage solutions for hotel management from Oracle Corporation. The solution provides human resources cost management, provide customer service throughout the journey tracking management to improve customer...
Challenges of Big Data Security – Whiteboard Wednesday [Video]
Database security best practices are also applicable for big data environments. The question is how to achieve security and compliance for big data environments given the challenges they present. Issues of volume, scale, and multiple layers/technologies/instances make for a uniquely complex...
Oracle Hospitality Reporting and Analytics Remote Vulnerability (CNVD-2017-27173)
Oracle Hospitality Applications is a suite of business applications, servers, and storage solutions for hotel management from Oracle Corporation. The solution provides human resources cost management, provide customer service throughout the journey tracking management to improve customer...
baidu_analytics - Unsupported - SA-CONTRIB-2017-060
Update: The maintainer has resolved this issue; please read the release notes for more information. This module adds the Baidu Analytics web statistics tracking system to your website. The security team is marking this module unsupported. There is a known security issue with the module that has not...
Oracle Hospitality Reporting and Analytics Remote Vulnerability
Oracle Hospitality Applications is a suite of business applications, servers, and storage solutions for hotel management from Oracle Corporation. The solution provides human resources cost management, provide customer service throughout the journey tracking management to improve customer...
Unspecified Vulnerability in Oracle Business Intelligence Enterprise Edition
Oracle Fusion Middleware. Oracle Fusion Middleware is a set of Oracle's business innovation platforms for enterprise and cloud environments, which provides middleware, software collections, and other functionality. Oracle Business Intelligence Enterprise Edition is one of the business intelligence...
Legal Robot: [Cross-domain Referer leakage] Password reset token leakage via referer
A security researcher discovered that sensitive information, like password reset tokens, could still be leaked to analytics services like Google Analytics or via the Referer [sic] header. Even though tokens were immediately invalidated, we decided to re-engineer the process to eliminate any...
July 25, 2017 – Morning Cyber Coffee Headlines – “Henry Ford” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup… enjoy! July 25, 2017 - Headlines: UK gov wants teens to practice cybersecurity in their...
CVE-2017-5529
JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition versions 6.4.0 and below, TIBCO JasperReports...
Legal Robot: Token leakage by referrer header & analytics
A security researcher discovered that sensitive information, like password reset tokens, could still be leaked to analytics services like Google Analytics or via the Referer [sic] header. Even though tokens were immediately invalidated, we decided to re-engineer the process to eliminate any...
Static Versus Dynamic Data Masking
Most participants in the trench warfare of IT security agree that the best way to protect data is to apply a layered approach to security. Data masking is a security and privacy enhancing technology recommended by industry analysts as a must-have data protection layer. While terminology varies...
An Analytical Framework for Network Data: Flare
An Analytical Framework for Network Data. Flare is a network analytic framework designed for data scientists, security researchers, and network professionals. Written in Python, it is designed for rapid prototyping and development of behavioral analytics, and intended to make identifying malicious...