PT-2022-4180 · Device42 · Device42 Cmdb

Name of the Vulnerable Software and Affected Versions: Device42 CMDB versions 18.01.00 and prior versions. Description: The issue is related to an Argument Injection or Modification vulnerability in the Discovery component of Device42 CMDB, specifically in the "Change Secret" username field. This...

Know Your ServiceNow and Qualys Integrations

If you are a current ServiceNow customer interested in cybersecurity, this blog is for you. If you are a Qualys customer who also uses ServiceNow, this blog is for you too. ServiceNow and Qualys have enjoyed a multi-year partnership, being two of the premier SaaS vendors covering the IT and...

About CMDB Sync Integration with Qualys CyberSecurity Asset Management

Welcome to the first in a new series of blog posts about Qualys integrations. This first blog in the series covers our integrations as they relate to CMDB Sync, which is a part of Qualys CyberSecurity Asset Management CSAM and has two versions. One version is for basic ServiceNow customers who ha...

How to Quickly Prioritize Risks with VMDR 2.0 and Orchestrate Response with CMDB & ITSM Integration

A single source of truth for asset inventory enables Cybersecurity and IT teams to optimally automate risk prioritization and response. Qualys VMDR 2.0 with TruRiskTM leverages Qualys CSAM to automate the Asset Criticality Score, a key parameter of risk scoring. This blog explains how with insigh...

Reinventing Cybersecurity Asset Management

Because security teams need their own asset inventory solution In conversations with our customers, it’s very clear that organizations need to establish a comprehensive view of their IT asset infrastructure because you can’t secure what you don’t know or can’t see. But that comprehensive view nee...

U-Center - Command Execution Vulnerability in CMDB Management

Ltd. was established on 09/26/2003. The company's business scope includes: technology development, technical services, technical consulting, transfer of achievements, production and sales: electronic products, software, data communication equipment, broadband access equipment, network security...

VulnCheck KEV: CVE-2014-2617

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2104...

Dive Deep into VMDR

Qualys devoted the second day of the QSC USA 2020 virtual conference entirely to vulnerability management, detection and response VMDR, a critical area for the security and compliance of hybrid cloud IT environments. Mehul Revankar, VP of Product Management and Engineering for VMDR at Qualys, set...

CVE-2020-11853

Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1. Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2. Application Performance Management affecting versions : 9.51, 9.50 and 9.40...

CVE-2020-11853

Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1. Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2. Application Performance Management affecting versions : 9.51, 9.50 and 9.40...

CVE-2020-11853

Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1. Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2. Application Performance Management affecting versions : 9.51, 9.50 and 9.40...

Remote code execution

Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1. Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2. Application Performance Management affecting versions : 9.51, 9.50 and 9.40...

CVE-2020-11853 Arbitrary code execution vulnerability on multiple Micro Focus products

Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1. Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2. Application Performance Management affecting versions : 9.51, 9.50 and 9.40...

i-doit CMDB <= 1.14.2 Multiple Vulnerabilities

i-doit CMDB is prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion Vulnerability

Exploit for php platform in category web applications Exploit Title: i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion Author: Besim ALTINOK Vendor Homepage: https://www.i-doit.org/ Software Link: https://sourceforge.net/projects/i-doit/ Version: v1.14.1 Tested on: Xampp Credit: İsmail...

i-doit Open Source CMDB 1.14.1 Arbitrary File Deletion

Exploit Title: i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion Date: 2020-05-02 Author: Besim ALTINOK Vendor Homepage: https://www.i-doit.org/ Software Link: https://sourceforge.net/projects/i-doit/ Version: v1.14.1 Tested on: Xampp Credit: İsmail BOZKURT...

i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion

Exploit Title: i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion Date: 2020-05-02 Author: Besim ALTINOK Vendor Homepage: https://www.i-doit.org/ Software Link: https://sourceforge.net/projects/i-doit/ Version: v1.14.1 Tested on: Xampp Credit: İsmail BOZKURT...

LetsMapYourNetwork - Tool To Visualise Your Physical Network In Form Of Graph With Zero Manual Error

It is utmost important for any security engineer to understand their network first before securing it and it becomes a daunting task to have a ‘true’ understanding of a widespread network. In a mid to large level organisation’s network having a network architecture diagram doesn’t provide the...

The vulnerability of the page handler /api/cmdb web interface of the FortiOS operating system allows attackers to execute cross-site scripting attacks.

The vulnerability of the page handler /api/cmdb web interface of the FortiOS operating system is related to errors during HTTP request filtering. Exploiting this vulnerability allows a malicious actor to perform cross-site attacks using specially crafted POST requests sent to the /api/cmdb page...

CVE-2017-9362

ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API...