CVE-2019-12591
NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection...
CVE-2019-5496
Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...
CVE-2019-5496
Oncommand Insight versions prior to 7.3.5 are affected by CVE-2019-5496 due to missing HTTP security headers, which could allow an attacker to obtain sensitive information via unspecified vectors. The connected NVD entry lists CVSS scores (2.0/3.0) indicating network access with no authentication...
Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Network Performance Insight
Summary There is a vulnerability in IBM® Runtime Environment Java™ Version IBM JRE 8.0.5.27 that is used by IBM® Network Performance Insight. IBM® Network Performance Insight has addressed the applicable CVE. Vulnerability Details If you run your own Java code by using the IBM Java Runtime that i...
The vulnerability of the software tools for managing network resources, Junos Space Service Now and Junos Space Service Insight, is related to errors in managing registration data. This vulnerability allows an attacker to access account information stored in plain text.
The vulnerability of the Junos Space Service Now and Junos Space Service Insight software for managing network resources is related to errors in managing registration data. Exploiting this vulnerability can allow an attacker to access registered data stored in plaintext format...
Lessons learned from the Microsoft SOC—Part 2: Organizing people
In the second post in our series, we focus on the most valuable resource in the security operations center (SOC)—our people. This series is designed to share our approach and experience with operations, so you can use what we learned to improve your SOC. In Part 1: Organization, we covered the SOC’...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Insight (CVE-2018-3180, CVE-2018-12547)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos Insight. These issues were disclosed as part of the IBM Java SDK updates in October 2018 and January 2019. Vulnerability Details If you run your own Java code using the IBM Java Runtime...
The vulnerability of the vRealize Log Insight log management tool, related to authentication errors, allows an intruder to gain unauthorized access to protected information.
The vulnerability of the vRealize Log Insight log management tool is related to authentication errors. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
CVE-2019-0032
A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected products are: Juniper...
CVE-2019-0032 Junos Space Service Now and Service Insight: Organization username and password stored in plaintext in log files.
A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected products are: Juniper...
com.dtstack:dt-insight-hive-shade (>=4.1.2-RELEASE <=4.1.3), io.eels:eel-hive_2.11 (=1.0.2) +4 more potentially affected by CVE-2017-12625 via org.apache.hive:hive-exec (=2.1.0)
org.apache.hive:hive-exec MAVEN version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-exec and may be impacted: - com.dtstack:dt-insight-hive-shade =4.1.2-RELEASE, =2.6.1, =2.6.1, =2.7.1 Source cves: CVE-2017-12625 Source...
Security Bulletin: Missing Secure HTTP Headers
Summary During internal penetration testing we identified that the IBM i2 Enterprise Insight Analysis application could be made more secure with the addition of some HTTP headers. Vulnerability Details CVEID: CVE-2018-1525 DESCRIPTION: IBM i2 Intelligent Analysis Platform could allow a remote...
Security Bulletin: IBM i2 Enterprise Insight Analysis. CVE-2018-12539
Summary IBM i2 Enterprise Insight Analysis is delivered with the IBM Java Runtime. A vulnerability was discovered in the IBM Java Runtime that can leave the product vulnerable to attacks allowing arbitrary code to be injected. Vulnerability Details CVEID: CVE-2018-12539 DESCRIPTION: Eclipse OpenJ...
DRUPAL-CONTRIB-2019-014
Acquia Connector facilitates sending certain telemetry data to Acquia for the purposes of analysis. The module automates the collection of site information to speed support communication and issue resolution. It is required for use with the Acquia Insight service. The module does not properly...
Cross site request forgery (csrf)
An issue was discovered in creditease-sec insight through 2018-09-11. departdelete in srcpm/app/admin/views.py allows CSRF...
CVE-2019-6507
An issue was discovered in creditease-sec insight through 2018-09-11. loginuserdelete in srcpm/app/admin/views.py allows CSRF...
CVE-2019-6508
An issue was discovered in creditease-sec insight through 2018-09-11. rolepermdelete in srcpm/app/admin/views.py allows CSRF...
Cross site request forgery (csrf)
An issue was discovered in creditease-sec insight through 2018-09-11. rolepermdelete in srcpm/app/admin/views.py allows CSRF...