Analytics Tracker < 1.1.1 - XSS

The Analytics Tracker WordPress plugin was affected by a XSS security vulnerability...

IBM BigFix Compliance Analytics Security Bypass Vulnerability

IBM BigFix Security Compliance Analytics is a suite of systems management software from IBM in the United States. The software provides remote control, patch management, software distribution, operating system deployment, network access protection and other functions. A security bypass...

Database of Over 198 Million U.S. Voters Left Exposed On Unsecured Server

Information on more than 198 Million United States citizens, that's over 60% of the US population, was exposed in what's believed to be the largest ever known exposure of voter-related to date. This blunder was caused by Deep Root Analytics DRA, a data analytics firm employed by the US Republican...

IBM BigFix Security Compliance Analytics Information Disclosure Vulnerability

IBM BigFix Security Compliance Analytics is a suite of systems management software from IBM in the United States. The software provides remote control, patch management, software distribution, operating system deployment, network access protection and other functions. IBM BigFix Security Complian...

IBM BigFix Security Compliance Analytics Weak Default Password Vulnerability

IBM BigFix Security Compliance Analytics is a suite of systems management software from IBM in the United States. The software provides remote control, patch management, software distribution, operating system deployment, network access protection and other functions. A security vulnerability...

IBM BigFix Security Compliance Analytics Cross-Site Scripting Vulnerability

IBM BigFix Security Compliance Analytics is a suite of systems management software from IBM in the United States. The software provides remote control, patch management, software distribution, operating system deployment, network access protection and other functions. A cross-site scripting...

Today’s File Security is So ‘80s, Part 2: Detect Suspicious File Access with Dynamic Peer Groups

In a previous post, we shared three primary reasons why the traditional, static approach to file security no longer works for today’s modern enterprises. Working groups are formed organically and are cross-functional by nature, making a black and white approach to file access control outdated—it...

Cross site scripting

A stored cross-site scripting XSS vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an...

CVE-2017-1179

IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431...

CVE-2017-1179

IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431...

CVE-2017-1179

CVE-2017-1179 affects IBM BigFix Compliance Analytics 1.9.79, where information disclosure occurs due to the use of weaker-than-expected cryptographic algorithms, potentially allowing an attacker to decrypt highly sensitive data. The available connected documents identify the vulnerability class ...

CVE-2017-1125

IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340...

CVE-2017-1125

IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340...

Code injection

IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340...

CVE-2017-1125

IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340...

CVE-2017-1125

CVE-2017-1125 affects IBM Cognos Analytics 10.1 and 10.2, allowing a local user to craft a URL that confirms existence of and excerpts from a file on the server (information disclosure). Root cause is a URL-based confirmation/exposure mechanism for local files. Impact is partial confidentiality l...

HackerOne: Invitation tokens leak to Google Analytics

Hi, While testing i have noticed that , the hackerone invitation token gets exposed to google-anaytics.com How? Here look at the photo- ████████ We can see that the request payload is exposing the invitation token and its not filtered like this one- ███████ And this is what google does with their...

IBM Cognos Business Intelligence Server Cognos Analytics Information Disclosure Vulnerability

IBM Cognos Business Intelligence Server is a suite of business intelligence and performance management solutions from IBM in the United States. The solution reports, analyzes, monitors and evaluates business data.Cognos Analytics is one of the data mining and analysis components. An information...

A Growing Symphony of Security Analytics Tools Needs Careful Orchestration

Security analytics tools available to companies are increasing rapidly. However, cyber incident and vulnerability prevention, detection, response, and recovery times remain significant challenges as the types of attacks and attack vectors increase. Newer cyber analytics using machine learning are...

SA150: NSS Vulnerability April 2017

SUMMARY Symantec Network Protection products using affected versions of NSS are susceptible to a security vulnerability. A remote attacker can send crafted Base64-encoded data and execute arbitrary code or cause denial of service through an application crash. AFFECTED PRODUCTS The following...