36 matches found
EUVD-2024-42723
Malicious code in bioql PyPI...
EUVD-2024-42721
Malicious code in bioql PyPI...
EUVD-2024-42714
Malicious code in bioql PyPI...
MAL-2025-22683 Malicious code in hotel-etm-project (npm)
The package hotel-etm-project was found to contain malicious code...
Malicious code in hotel-etm-project (npm)
The package hotel-etm-project was found to contain malicious code...
Security Bulletin: Custom "Execution States" names on IBM Engineering Test Management TCER pages are vulnerable to XSS (CVE-2021-38934)
Summary: ETM allows customization of "Execution States" names, allowing the injection of XSS payloads and making them vulnerable to XSS. Custom values into the names of "Execution States" are not encoded while displaying them on the "Test Cases Execution Records" (TCER) pages, allowing the execution...
Qualys Unveils mROC: The Industry’s First Managed Risk Operation Center To Help Partners Scale Risk Management Services
The launch of Enterprise TruRisk Management (ETM), the world’s first Risk Operations Center (ROC) in the cloud, in October 2024 has met with an overwhelmingly positive reception from customers. They see the potential of a unified approach to managing cyber risk. We recognize that setting up and...
CVE-2024-47519
Backup uploads to ETM subject to man-in-the-middle interception...
CVE-2024-47518
Specially constructed queries targeting ETM could discover active remote access sessions...
CVE-2024-47517
Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access...
CVE-2024-47519 Backup uploads to ETM subject to man-in-the-middle interception
Backup uploads to ETM subject to man-in-the-middle interception...
CVE-2024-47519
CVE-2024-47519 is tied to Arista Edge Threat Management – Arista NG Firewall: backup uploads to ETM can be intercepted via a man-in-the-middle. The advisory details the affected product family and versions (NGFW/ETM, 17.1.1 and prior) and provides explicit remediation guidance. The root cause is ...
CVE-2024-47518 Specially constructed queries targeting ETM could discover active remote access sessions
Specially constructed queries targeting ETM could discover active remote access sessions...
CVE-2024-47518 Specially constructed queries targeting ETM could discover active remote access sessions
Specially constructed queries targeting ETM could discover active remote access sessions...
CVE-2024-47517 Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access
Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access...
CVE-2024-47517
CVE-2024-47517: Affects Arista Edge Threat Management - NG Firewall (ETM) versions 17.1.1 and earlier. Root cause: expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access. Impact: potential exposure of admin tokens, enabling unauthoriz...
Arista NG Firewall security vulnerability
Arista NG Firewall is a WEB firewall from Arista USA. A security vulnerability exists in Arista NG Firewall that originates from an ETM access timeout unit that may find an expired and unusable administrator authentication token...
PT-2025-2770
Name of the Vulnerable Software and Affected Versions: ETM (affected versions not specified). Description: The issue concerns a man-in-the-middle vulnerability in ETM backup uploads. This allows an attacker to intercept backup uploads to ETM. Recommendations: At the moment, there is no information...
Announcing TruRisk™ 2.0: Unleashing Next-Level Precision in Cyber Risk Management
In cybersecurity, quantifying risk with precision is essential for robust security posture management. At Qualys, we continuously refine our methodologies to meet and exceed the evolving demands of vulnerability management and risk management. In October 2024, the launch of Qualys Enterprise...
Security Bulletin: IBM MQ Appliance vulnerable to "Terrapin" attack in OpenSSH (CVE-2023-48795)
Summary: By manipulating sequence numbers during SSH connection setup, a MITM attacker can delete negotiation messages without causing a MAC failure. To mitigate this vulnerability, IBM MQ Appliance has removed the chacha20-poly1305 cipher and all etm HMACs from the default set of algorithms...