Security Bulletin: ClassLoader manipulation with Apache Struts affecting InfoSphere Identity Insight (CVE-2014-0114)

Summary There is a ClassLoader manipulation vulnerability in Apache Struts that is used by InfoSphere Identity Insight. Vulnerability Details CVEID: CVE-2014-0114 Apache Struts 1.X could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting...

Security Bulletin: Vulnerabilities in OpenSSL affect Cognos Insight (CVE-2015-0204)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by Cognos Insight. Cognos Insight has addressed the applicable CVEs. Vulnerability Details...

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Cognos Insight (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Cognos Insight Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

Performing NetScaler SD-WAN Log Analysis

This article describes the logs description that are captured in a Citrix SD-WAN´s diagnostic data file. SD-WAN Logs Location In the SD-WAN version 9.x the logs will be in the following path: /home/talariuser/log/diag/vwstsdir.zip In the SD-WAN version 10.x the logs will be in the following path:...

FAQ: XenMobile Server Support

This article contains answers to the frequently asked questions on XenMobile Server Support. General What is XenMobile Server Support? How do I get to the support page on App Controller server? In which version of App Controller Support feature is available? What are the browsers and platforms...

Arm your users with knowledge to spot phishing attacks – for free!

Attendees to the Black Hat 2017 security conference said their No. 1 security concern and most time-consuming activity was phishing and social engineering attacks. That’s no surprise with the increase in Business Email Compromise BEC attacks and with most ransomware being delivered by email. But...

How to Upload Data to Citrix Insight Services (CIS)

Citrix Endpoint Management, using technology formerly called XenMobile Auto Support is a part ofCitrix Insight Services formerly known as TaaS, a Citrix initiative to simplify information gathering from customer environments, and also to provide automatic analysis of that data for common problems...

FAQ: Citrix Insight Services (CIS)

Citrix Endpoint Management, using technology formerly called XenMobile This article contains answers to frequently asked questions aboutCitrix Insight Services formerly known as TaaS. Contents General Citrix Insight Services Plug-ins Security Considerations File Uploading Analysis Feedback Genera...

@joshyzou/sendcrypto (>=1.0.0 <=1.0.2), accept-bitcoin (>=0.0.6 <=0.0.9) +14 more potentially affected by CVE-2018-1000023 via insight-api (=0.4.3)

insight-api NPM version =0.4.3 is affected by a known vulnerability. The following packages have a transitive dependency on insight-api and may be impacted: - @joshyzou/sendcrypto =1.0.0, =0.0.6, =0.0.1, =4.0.0, =1.1.1, =4.1.0, =0.0.1, =4.1.1, =0.5.1, =0.8.7 and more Source cves: CVE-2018-1000023...

Insight API transaction broadcast endpoint can result in Full Path Disclosure

Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. This attack appear to be exploitable via Web request...

GHSA-8P2P-P8MG-X3CW Insight API transaction broadcast endpoint can result in Full Path Disclosure

Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. This attack appear to be exploitable via Web request...

HPE Matrix Operating Environment Software and Systems Insight Manager Software Clickjacking Vulnerability (CNVD-2018-05096)

HPE Matrix Operating Environment Software and Systems Insight Manager SIM Software are both products of Hewlett Packard Enterprise HPE, U.S. HPE Matrix Operating Environment Software is a set of cloud management software designed for infrastructure services. HPE Matrix Operating Environment...

HPE Matrix Operating Environment Software and Systems Insight Manager Software Information Disclosure Vulnerability

HPE Matrix Operating Environment Software and Systems Insight Manager SIM Software are both products of Hewlett Packard Enterprise HPE, U.S. HPE Matrix Operating Environment Software is a set of cloud management software designed for infrastructure services. HPE Matrix Operating Environment...

HPE Matrix Operating Environment Software and Systems Insight Manager Software Cross-Site Scripting Vulnerability

HPE Matrix Operating Environment Software and Systems Insight Manager SIM Software are both products of Hewlett Packard Enterprise HPE, U.S. HPE Matrix Operating Environment Software is a set of cloud management software designed for infrastructure services. HPE Matrix Operating Environment...

Unspecified Vulnerability in HPE Matrix Operating Environment Software and Systems Insight Manager Software

HPE Matrix Operating Environment Software and Systems Insight Manager SIM Software are both products of Hewlett Packard Enterprise HPE, U.S. HPE Matrix Operating Environment Software is a set of cloud management software designed for infrastructure services. HPE Matrix Operating Environment...

Unspecified Vulnerability in HPE Matrix Operating Environment Software and Systems Insight Manager Software (CNVD-2018-05095)

HPE Matrix Operating Environment Software and Systems Insight Manager SIM Software are both products of Hewlett Packard Enterprise HPE, U.S. HPE Matrix Operating Environment Software is a set of cloud management software designed for infrastructure services. HPE Matrix Operating Environment...

HPE Matrix Operating Environment Software and Systems Insight Manager Software Information Disclosure Vulnerability (CNVD-2018-05094)

HPE Matrix Operating Environment Software and Systems Insight Manager SIM Software are both products of Hewlett Packard Enterprise HPE, U.S. HPE Matrix Operating Environment Software is a set of cloud management software designed for infrastructure services. HPE Matrix Operating Environment...

HPE Matrix Operating Environment Software and Systems Insight Manager Software Elevation of Privilege Vulnerability

HPE Matrix Operating Environment Software and Systems Insight Manager SIM Software are both products of Hewlett Packard Enterprise HPE, U.S. HPE Matrix Operating Environment Software is a set of cloud management software designed for infrastructure services. HPE Matrix Operating Environment...

Bitpay/insight-api Insight-api transaction broadcast endpoint input validation vulnerability

Bitpay/insight-api Insight-api is a Bitpay payment software program that uses Bitcoin. transaction broadcast endpoint is one of the payment terminals. An input validation vulnerability exists in the transaction broadcast endpoint in Bitpay/insight-api Insight-api version 5.0.0 and earlier. An...

HPE Matrix Operating Environment Software and Systems Insight Manager Software Cross-Site Request Forgery Vulnerability

HPE Matrix Operating Environment Software and Systems Insight Manager SIM Software are both products of Hewlett Packard Enterprise HPE, U.S. HPE Matrix Operating Environment Software is a set of cloud management software designed for infrastructure services. HPE Matrix Operating Environment...