Boost productivity of your DevOps teams and deliver superior digital experiences with Akamai Cloud Delivery Platform - Part 3
In the first and second part of this blog series, we discussed the challenges associated with cloud adoption and how you can leverage Akamai Cloud Delivery Platform, the world's largest and most trusted cloud delivery platform, to achieve the scalability, availability, reliability, security and...
Security update for libzypp (important)
The Software Update Stack was updated to receive fixes and enhancements. libzypp: - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows, mainly for unsigned repositories and packages. bsc1045735, bsc1038984 - Fix gpg-pubkey release creation time computation. bsc1036659 - Update...
openSUSE Security Update : libzypp / zypper (openSUSE-2017-893)
The Software Update Stack was updated to receive fixes and enhancements. libzypp : Security issues fixed : - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows, mainly for unsigned repositories and packages. bsc1045735, bsc1038984 Bug fixes : - Re-probe on refresh if the...
Security update for libzypp, zypper (important)
The Software Update Stack was updated to receive fixes and enhancements. libzypp: Security issues fixed: - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows, mainly for unsigned repositories and packages. bsc1045735, bsc1038984 Bug fixes: - Re-probe on refresh if the repository...
SUSE-SU-2017:2040-1 Security update for libzypp, zypper
The Software Update Stack was updated to receive fixes and enhancements. libzypp: Security issues fixed: - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows, mainly for unsigned repositories and packages. bsc1045735, bsc1038984 Bug fixes: - Re-probe on refresh if the repository...
Introducing InsightAppSec: Cloud-powered Application Security Testing
Rapid7 announces today the launch of InsightAppSec, the newest product to be delivered on the Insight platform. InsightAppSec combines the power and accuracy of Rapid7's industry-leading and proven Dynamic Application Security Testing (DAST) engine with the quick deployment, scalability, and...
Authentication flaw
In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to the system maintenance page. This may be exploited by an attacker to view sensitive information,...
CVE-2017-4989
In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to the system maintenance page. This may be exploited by an attacker to view sensitive information,...
CVE-2017-4989
CVE-2017-4989 affects EMC Avamar Server Software releases listed (7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401). Root cause: unauthenticated remote bypass of authentication to access the system maintenance page, enabling viewing of sensitive info and execution of maintenance tas...
A Growing Symphony of Security Analytics Tools Needs Careful Orchestration
Security analytics tools available to companies are increasing rapidly. However, cyber incident and vulnerability prevention, detection, response, and recovery times remain significant challenges as the types of attacks and attack vectors increase. Newer cyber analytics using machine learning are...
InsightVM: Analytics-driven Vulnerability Management, All The Way To The End(point)
In 2015 Rapid7 introduced the Insight platform, built to reduce the complexity inherent in security analytics. This reality was introduced first to our InsightIDR users, who now had the capabilities of a SIEM, powered by user behavior analytics (UBA) and endpoint detection. Soon we started to roll...
CVE-2017-3801
A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based access control (RBAC)...
Information Disclosure
products.poi is vulnerable to information disclosure. In workflows, the issues tracker inside private folder is visible to anonymous users...
SEC Consult SA-20150409-0 :: Multiple XSS & XSRF vulnerabilities in Comalatech Comala Workflows
SEC Consult Vulnerability Lab Security Advisory 20150409-0. title: Multiple XSS & XSRF vulnerabilities; product: Comalatech Comala Workflows; vulnerable version: <= 4.6.1; fixed version: 4.6.2 for Confluence 5.4+ and 4.5.4 for...
Comala Workflows newtask.action taskName has multiple reflected cross-site scripting vulnerabilities
Comala Workflows is a web-based application. A cross-site scripting vulnerability exists in taskName, handled by the Comala Workflows newtask.action script, which can be exploited by a remote attacker to construct a malicious URI and trick the user into parsing it, which can be used to obtain a sensitive...
Multiple Cross-Site Scripting Vulnerabilities in Comala Workflows saveproperties.action
Comala Workflows is a web-based application. Multiple cross-site scripting vulnerabilities exist in the Comala Workflows saveproperties.action script, which can be exploited by a remote attacker to construct a malicious URI and trick a user into parsing it, which can be used to obtain a sensitive...
Comala Workflows /plugins/approvalsworkflow/saveworkflowmarkup.action Cross-Site Request Forgery Vulnerability
Comala Workflows is a web-based application. A cross-site request forgery vulnerability exists in Comala Workflows /plugins/approvalsworkflow/saveworkflowmarkup.action, which allows remote attackers to construct malicious URIs, trick users into parsing them, and execute malicious actions in the...
Comala Workflows /plugins/approvalsworkflow/saveworkflowmarkup.action has multiple reflected cross-site scripting vulnerabilities
Comala Workflows is a web-based application. The Comala Workflows /plugins/approvalsworkflow/saveworkflowmarkup.action script has a cross-site scripting vulnerability in its processing of attachment-macro that can be exploited by a remote attacker to construct a malicious URI and trick the user into parsing it...
Comalatech Comala Workflows 4.6.1 CSRF / XSS Vulnerabilities
Comalatech Comala Workflows versions 4.6.1 and below suffer from cross site request forgery and cross site scripting vulnerabilities. title: Multiple XSS & XSRF vulnerabilities; product: Comalatech Comala Workflows; vulnerable version: <= 4.6.1; fixed version: 4.6.2 for Confluence 5.4+ and 4.5.4 for...
Comalatech Comala Workflows 4.6.1 CSRF / XSS
SEC Consult Vulnerability Lab Security Advisory. title: Multiple XSS & XSRF vulnerabilities; product: Comalatech Comala Workflows; vulnerable version: <= 4.6.1; fixed version: 4.6.2 for Confluence 5.4+ and 4.5.4 for Confluence 4.3...