374 matches found
Redash Code Issue Vulnerability (CNVD-2021-95242)
Redash is a data integration and analysis solution from the Israeli company Redash. The product supports data integration, data visualization, query editing, and data sharing. Redash 10.0.0 and earlier versions are vulnerable to a code issue that stems from the fact that the program is vulnerable ...
CVE-2021-43780
Redash is a package for data visualization and sharing. In versions 10.0 and prior, the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a...
Redash Code Issue Vulnerability
Redash is a data integration and analysis solution from the Israeli company Redash. The product supports data integration, data visualization, query editing, and data sharing. Redash 10.0.0 and earlier versions are vulnerable to a code issue that stems from the fact that the program is vulnerable ...
CVE-2021-43780 Server-Side Request Forgery (SSRF) in Redash
Redash is a package for data visualization and sharing. In versions 10.0 and prior, the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a...
PT-2021-23928 · Redash · Redash
Name of the Vulnerable Software and Affected Versions: Redash versions 10.0 and prior Description: Redash is a package for data visualization and sharing. The implementation of URL-loading data sources like JSON, CSV, or Excel in versions 10.0 and prior is vulnerable to advanced methods of Server...
Hitachi Vantara Pentaho Security Vulnerability
Hitachi Vantara Pentaho is a service from Hitachi, Japan, for storing and managing data in big data environments. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics 9.1 and prior versions, which stems from the fact that Pentaho implements a series of web services using...
Pentaho Business Analytics / Pentaho Business Server 9.1 SQL Injection
Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: = 9.1 Vulnerability Type: Unauthenticated SQL Injection Solution Status: Fix Released on public GitHub repository Manufacturer Notification: June 2021 Public Disclosure: 01...
Critical Flaws Uncovered in Pentaho Business Analytics Software
Multiple vulnerabilities have been disclosed in Hitachi Vantara's Pentaho Business Analytics software that could be abused by malicious actors to upload arbitrary data files and even execute arbitrary code on the underlying host system of the application. The security weaknesses were reported by...
PT-2022-4661 · Otrs +1 · Otrs +1
Name of the Vulnerable Software and Affected Versions: OTRS affected versions not specified Description: The issue allows an attacker logged in as an admin user to manipulate the customer URL field, storing JavaScript code that can be executed later by any agent when clicking the customer URL lin...
IBM Cloud Pak for Security Encryption Issue Vulnerability
IBM Cloud Pak for Security (CP4S) is an open security platform from IBM that connects to your existing data sources, generates deeper insights, and enables you to act faster with automation. IBM Cloud Pak for Security (CP4S) suffers from an encryption issue vulnerability in versions 1.7.0.0, 1.7.1.0,...
CVE-2021-36749
In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not a...
CVE-2021-38648
creationtimestamp | type | source
---|---|---
2021-09-15 16:22:29+00:00 | seen | https://t.me/cibsecurity/28884
2021-09-16 05:00:00+00:00 | seen | https://msrc.microsoft.com/blog/2021/09/additional-guidance-regarding-omi-vulnerabilities-within-azure-vm-management-extensions/
2021-11-08 08:58:19+00:00 |...
Tenacity – An Adversary Emulation Tool for Persistence
Persistence is one of the more sought-after techniques of an attacker or adversary. Persistence is achieved through a set of tactics or techniques that adversaries use to maintain their foothold on compromised systems across restarts, changed credentials, and other interruptions that could cut of...
IBM Cloud Pak for Security Command Execution Vulnerability
IBM Cloud Pak for Security is an application from IBM USA, Inc., an open security platform that connects to your existing data sources to generate deeper insights and enables you to take automated actions faster. IBM Cloud Pak for Security has a security vulnerability that could be exploited by a...
The evolution of a matrix: How ATT&CK for Containers was built
Note: The content of this post is being released jointly with the Center for Threat-Informed Defense. It is co-authored with Chris Ante and Matthew Bajzek. The Center post can be found here. As containers become a major part of many organizations’ IT workloads, it becomes crucial to consider the...
CVE-2021-29099
A SQL injection vulnerability exists in some configurations of ArcGIS Server versions 10.8.1 and earlier. Specially crafted web requests can expose information that is not intended to be disclosed (not customer datasets). Web Services that use file based data sources file Geodatabase or Shape Files...
SQL injection
A SQL injection vulnerability exists in some configurations of ArcGIS Server versions 10.8.1 and earlier. Specially crafted web requests can expose information that is not intended to be disclosed (not customer datasets). Web Services that use file based data sources file Geodatabase or Shape Files...
CVE-2021-29099 There is a SQL injection vulnerability in ArcGIS Server
A SQL injection vulnerability exists in some configurations of ArcGIS Server versions 10.8.1 and earlier. Specially crafted web requests can expose information that is not intended to be disclosed (not customer datasets). Web Services that use file based data sources file Geodatabase or Shape Files...