374 matches found
The vulnerability of the ABB VPNI function in the S+ Control API of the software for management and monitoring of ABB Symphony Plus S+ Operations, S+ Engineering, and S+ Analyst allows a perpetrator to trigger a service failure.
The vulnerability of the ABB VPNI function in the S+ Control API of the ABB Symphony Plus S+ Operations, S+ Engineering, and S+ Analyst software for management and monitoring systems is related to errors in processing relative paths. Exploiting this vulnerability can allow attackers to cause...
CVE-2024-20424
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability ...
CVE-2024-20424
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability ...
Cisco Secure Firewall Management Center Software Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability ...
6 Simple Steps to Eliminate SOC Analyst Burnout
The current SOC model relies on a scarce resource: human analysts. These professionals are expensive, in high demand, and increasingly difficult to retain. Their work is not only highly technical and high-risk, but also soul-crushingly repetitive, dealing with a constant flood of alerts and...
Brandon Adkins’ Career Journey - Taking Chances and Tackling New Challenges
Brandon Adkins is the Manager of our Threat Intelligence & Detection Engineering TIDE team. His career journey spans a variety of roles and teams where he has been able to showcase his technical skills in security. Since joining Rapid7, he’s had experience as a Penetration Testing Consultant,...
The vulnerabilities of the Analyst component, Web Player, and Automation Services of the Spotfire Analyst platform, as well as the Spotfire Server and AWS Spotfire for AWS Marketplace analytical platforms, allow attackers to execute arbitrary code.
The vulnerabilities of the Analyst component, Web Player, and Automation Services of the Spotfire Analyst platform, as well as the Spotfire Server and the analytics platform based on cloud services AWS Spotfire for AWS Marketplace, are related to insufficient validation of input data. Exploiting...
CVE-2024-3331
Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected...
CVE-2024-3331 Spotfire: NTLM token leakage
Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected...
CVE-2024-3331 Spotfire: NTLM token leakage
Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected...
CVE-2024-3331
CVE-2024-3331 affects TIBCO Spotfire products: Enterprise Runtime for R - Server Edition (1.12.7–1.20.0), Statistics Services (12.0.7–12.3.1, 14.0.0–14.3.0), Analyst (12.0.9–12.5.0, 14.0.0–14.3.0), Desktop (14.0–14.3.0), and Server (12.0.10–12.5.0, 14.0.0–14.3.0). The issue is described as an NTL...
CVE-2024-3330 Spotfire Remote Code Execution Vulnerability
Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code.This requires human interaction fr...
Multiple TIBCO Software Products Security Vulnerabilities
TIBCO Software Spotfire Server and others are products of TIBCO Software, Inc. TIBCO Software Spotfire Server is a platform for integrating, running and managing organizations based on TIBCO Spotfire a data analysis and mining tool.TIBCO Software Spotfire Statistics Services is a comprehensive...
Multiple TIBCO Software Products Security Vulnerabilities
TIBCO Software Spotfire Server and TIBCO Software Spotfire Analyst are both products of TIBCO Software, Inc. of the U.S.A. TIBCO Software Spotfire Server is a suite of data analysis and mining tools based on TIBCO Spotfire that provide integration and management for organizations. TIBCO Software...
Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag
The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading /proc/self/environ may provide access equivalent to --allow-env, and writing /proc/self/mem may provide access equivalent t...
Security Bulletin: IBM Security QRadar Analyst Workflow app for IBM QRadar SIEM includes components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that might be identified and exploited with automated tools. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2023-44270 DESCRIPTION: PostCSS could allow a remote attacker to bypass security...
PT-2024-4654 · Tibco · Spotfire For Aws Marketplace +2
Name of the Vulnerable Software and Affected Versions: Spotfire Analyst versions 12.0.9 through 12.5.0 Spotfire Analyst versions 14.0 through 14.0.2 Spotfire Server versions 12.0.10 through 12.5.0 Spotfire Server versions 14.0 through 14.0.3 Spotfire Server versions 14.2.0 through 14.3.0 Spotfire...
CVE-2024-0335
ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products e.g., S+ Operations, S+ Engineering and S+ Analyst This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0...
CVE-2024-0335 Malformed Packet Handling
ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products e.g., S+ Operations, S+ Engineering and S+ Analyst This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0...
CVE-2024-0335
CVE-2024-0335 concerns ABB Symphony Plus S+ products (Operations, Engineering, Analyst) with a vulnerability in the ABB VPNI feature of the S+ Control API. The issue stems from errors in processing relative paths within VPNI, which can enable denial of service. Affected versions include S+ Operat...