2198 matches found
VMware vRealize Log Insight cross-site scripting vulnerability
VMware vRealize Log Insight is a centralized log management solution from VMware. The product supports features such as log organization and log analysis. A cross-site scripting vulnerability exists in VMware vRealize Log Insight versions prior to 8.8.2, which stems from improper input escaping i...
VMSA-2022-0019: VMware vRealize Log Insight contains multiple stored cross-site scripting vulnerabilities
Advisory ID: VMSA-2022-0019; CVSSv3 Range: 3.9; Issue Date: 2022-07-12; Updated On: 2022-07-12 (Initial Advisory); CVEs: CVE-2022-31654, CVE-2022-31655; Synopsis: VMware vRealize Log Insight contains multiple stored cross-site scripting vulnerabilities
Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM InfoSphere Identity Insight (CVE-2021-35550, CVE-2021-35603, CVE-2022-21496)
Summary There are multiple vulnerabilities in the IBM Java used in IBM InfoSphere Identity Insight II. These vulnerabilities are addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions...
MAL-2022-3848 Malicious code in insight-website (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ba314194b15912d401f23ce9b762acf1484ab7a4617af34be695242515b1e711 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Vulnerabilities fixed in Citrix ADC and Gateway
Two vulnerabilities have been fixed in Citrix ADC and Citrix Gateway. The vulnerabilities allow a remote malicious party to cause a denial of service (DoS). CVE-2022-27508 does not require authentication, while CVE-2022-27507 does. The CVE-2022-27507 vulnerability is only exploitable when...
Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27507 and CVE-2022-27508
Vulnerabilities have been discovered in Citrix ADC and Citrix Gateway that, if exploited, could result in a denial of service. These vulnerabilities have the following identifiers: CVE-ID| Description| CWE| Pre-conditions ---|---|---|--- CVE-2022-27507| Authenticated denial of service| CWE-400:...
Security Bulletin: Updating OpenJDK in Identity Insight 10.0 to 17.0.2
Summary This document provides instructions on how to upgrade OpenJDK used in IBM InfoSphere Identity Insight II 10.0 to 17.0.2. Vulnerability Details This document provides instructions on how to upgrade OpenJDK used in IBM InfoSphere Identity Insight II 10.0 to 17.0.0.2. NOTE: Please substitute...
Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver
...
Rapid7 Named a Visionary in 2022 Magic Quadrant™ for Application Security Testing Second Year in a Row
For the second year in a row, Rapid7 has been named a Visionary in the Gartner® 2022 Magic Quadrant for Application Security Testing. We believe we accomplished this by combining an industry-leading dynamic application security testing (DAST) solution with container and cloud security, security...
Security Bulletin: Vulnerability in IBM Java JRE affects IBM InfoSphere Identity Insight (CVE-2021-35578)
Summary A vulnerability in the IBM Java JRE affects IBM InfoSphere Identity Insight. An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors...
Rapid7 Insight Agent has an unspecified vulnerability
Rapid7 Insight Agent is a lightweight software from Rapid7, Inc. The software is capable of collecting data from IT assets. A security vulnerability exists in Rapid7 Insight Agent version 3.1.2.38 and prior versions, which stems from the fact that Rapid7 Insight Agent version 3.1.2.38 and prior...
CVE-2022-0237
Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the iragent.exe component, resulting in elevated rights and persistent access to t...
Privilege escalation
Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the iragent.exe component, resulting in elevated rights and persistent access to t...
CVE-2022-0237
Rapid7 Insight Agent versions 3.1.2.38 and earlier are affected by a privilege-escalation flaw in ir_agent.exe caused by an unquoted runas.exe argument. This allows an attacker with local access to hijack execution flow and gain elevated, persistent access on the machine. The issue has been fixed...
CVE-2022-0237 Rapid7 Insight Agent Privilege Escalation
Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the iragent.exe component, resulting in elevated rights and persistent access to t...
Rapid7 Insight Agent code issue vulnerability
Rapid7 Insight Agent is a lightweight software from Rapid7, Inc. The software is capable of collecting data from IT assets. A security vulnerability exists in Rapid7 Insight Agent version 3.1.2.38 and prior versions, which stems from the fact that Rapid7 Insight Agent version 3.1.2.38 and prior...
WordPress Insight Core has an unspecified vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Insight Core has a security vulnerability that can be exploited by attackers with roles as low as...
CVE-2021-24950
The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in the insightcustomizeroptionsimport available to any authenticated user, does not validate user input before passing it to unserialize, nor sanitise and escape it before outputting it in the response. ...
CVE-2021-24950 Insight Core <= 1.0 - Subscriber+ PHP Object Injection & Stored XSS
The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in the insightcustomizeroptionsimport available to any authenticated user, does not validate user input before passing it to unserialize, nor sanitise and escape it before outputting it in the response. ...