Improper access control

A recently discovered security vulnerability affects all Bosch Video Management System BVMS versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Configuration Manager, Building Integration System BIS with Video Engine, Access Professional Edition APE, Access Easy Controller AEC, Bosch Vide...

CVE-2019-6958

The CVE-2019-6958 entry concerns Bosch BVMS and related systems (BVMS v9.0 and earlier; DIVAR IP 2000–7000; Configuration Manager; BIS with Video Engine; APE; AEC; BVC; VSDK). The root cause is improper access control via the RCP+ network port allowing access without authentication. This could en...

CVE-2019-6958 Improper Access Control for Bosch Video Systems, PSIM and Access Control Systems

A recently discovered security vulnerability affects all Bosch Video Management System BVMS versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Configuration Manager, Building Integration System BIS with Video Engine, Access Professional Edition APE, Access Easy Controller AEC, Bosch Vide...

PT-2019-18377 · Bosch · Video Sdk +9

Name of the Vulnerable Software and Affected Versions: Bosch Video Management System BVMS versions 9.0 and below DIVAR IP versions 2000 through 7000 Video Recording Manager VRM Video Streaming Gateway VSG Configuration Manager Building Integration System BIS with Video Engine Access Professional...

PT-2019-18378 · Bosch · Configuration Manager +7

Name of the Vulnerable Software and Affected Versions: Bosch Video Management System BVMS versions 9.0 and below DIVAR IP versions 2000 through 7000 Configuration Manager affected versions not specified Building Integration System BIS with Video Engine affected versions not specified Access...

Step 9. Protect your OS: top 10 actions to secure your environment

In “Step 9. Protect your OS” of the Top 10 actions to secure your environment blog series, we provide resources to help you configure Microsoft Defender Advanced Threat Protection Microsoft Defender ATP to defend your Windows, macOS, Linux, iOS, and Android devices from advanced threats. In an...

CVE-2018-4072

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceSetTask.cgi executable is used to change MSCII configuration values within the configuration manager of the AirLink ES450. Thi...

CVE-2018-4072

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceSetTask.cgi executable is used to change MSCII configuration values within the configuration manager of the AirLink ES450. Thi...

CVE-2018-4071

An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceTLGetTask.cgi executable is used to retrieve MSCII configuration values within the configuration manager of the AirLink ES450...

Information disclosure

An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceTLGetTask.cgi executable is used to retrieve MSCII configuration values within the configuration manager of the AirLink ES450...

Design/Logic Flaw

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceSetTask.cgi executable is used to change MSCII configuration values within the configuration manager of the AirLink ES450. Thi...

CVE-2018-4072

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceSetTask.cgi executable is used to change MSCII configuration values within the configuration manager of the AirLink ES450. Thi...

CVE-2018-4072

The CVE-2018-4072 vulnerability affects Sierra Wireless AirLink ES450 running FW 4.9.3, in the ACEManager EmbeddedAceSet_Task.cgi component. Affected by a permission-assignment flaw that allows an authenticated user to modify configuration values via the /cgi-bin/Embedded_Ace_Set_Task.cgi endpoin...

CVE-2018-4071

An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceTLGetTask.cgi executable is used to retrieve MSCII configuration values within the configuration manager of the AirLink ES450...

Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Set_Task.cgi Permission Assignment

Talos Vulnerability Report TALOS-2018-0756 Sierra Wireless AirLink ES450 ACEManager EmbeddedAceSetTask.cgi Permission Assignment Vulnerability April 25, 2019 CVE Number CVE-2018-4072, CVE-2018-4073 Summary An exploitable Permission Assignment vulnerability exists in the ACEManager...

The evolution of Microsoft Threat Protection, April update

Microsoft Threat Protection continues to energize the threat protection market with our most recent announcements. Customers are excited about the launch of Microsoft Defender Advanced Threat Protection ATP, which extends Microsoft’s best in class endpoint security to Mac and adds powerful new...

Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Get_Task.cgi Information Disclosure Vulnerability

Summary An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an information disclosure, resulting in the exposure of confidential information,...

Security Update for Adobe Flash Player: April 9, 2019

Security Update for Adobe Flash Player: April 9, 2019 Summary This security update resolves vulnerabilities in Adobe Flash Player that is installed on any of the operating systems that are listed in the "Applies to" section. To learn more about these vulnerabilities, see ADV190011. More informati...

Schneider Electric SoMachine Configuration Manager Detection (Windows SMB Login)

Detects the installed version of Schneider Electric SoMachine Configuration Manager for Windows. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2016-5597, CVE-2016-5542)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 Service Refresh 16 Fix Pack 30, Version 8 Service Refresh 3 Fix Pack 11 and earlier releases, that is used by IBM Tivoli Netcool Configuration Manager ITNCM. These issues were disclosed as...