Unveiling Atlassian Confluence Vulnerability CVE-2023-22527: Understanding and Mitigating Remote Code Execution Risks

In this blog entry, we discuss CVE-2023-22527, a vulnerability in Atlassian Confluence that has a CVSS score of 10 and could allow threat actors to perform remote code execution...

Security Bulletin: Vulnerability in Apache Log4j affects Netcool Operation Insight (CVE-2021-44228)

Summary A vulnerability was identified within the Apache Log4j library that is used by Netcool Operation Insight to provide logging functionality. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...

Security Bulletin: Log4Shell Vulnerability affects IBM SPSS Statistics (CVE-2021-44228)

Summary There is a vulnerability in the version of Log4j that is part of IBM SPSS Statistics. IBM SPSS Statistics has addressed this vulnerability. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused b...

Security Bulletin: Apache Log4j vulnerability in DCNM Network Management Software used by IBM c-type SAN directors and switches.

Summary Apache Log4j Java logging library vulnerability - CVE-2021-44228 affecting versions prior to v2.15 impacts DCNM Network Management Software. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused ...

Security Bulletin: IBM Netcool Agile Service Manager is affected by a vulnerability in Apache Log4j (CVE-2021-44228)

Summary A vulnerability was identified within the Apache Log4j library that is used by IBM Netcool Agile Service Manager. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the...

Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) may affect IBM Watson Assistant for IBM Cloud Pak for Data

Summary A potential vulnerability CVE-2021-44228 has been identified related to Apache Log4j that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Several components of IBM Watson Assistant for IBM Cloud Pak for Data use Log4j to log diagnostic data unrelated to customer input. Refer t...

2021. The age of the super vulnerability?

I don’t know about you, but to me it seems that every week we are seeing another vulnerability that not only grants significant access to the vulnerable system but also more widely internally. This last week we have seen the latest round of Microsoft Exchange vulnerabilities. The April 2021 updat...

Highly Critical Flaw (CVSS Score 10) Lets Hackers Hijack Oracle Identity Manager

A highly critical vulnerability has been discovered in Oracle's enterprise identity management system that can be easily exploited by remote, unauthenticated attackers to take full control over the affected systems. The critical vulnerability tracked as CVE-2017-10151, has been assigned the highe...

Persistent Systems Client Automation - Command Injection Remote Code Execution (Metasploit)

Exploit Title: Persistent Systems Client Automation PSCA, formerly HPCA or Radia Command Injection Remote Code Execution Vulnerability Date: 2014-10-01 Exploit Author: Ben Turner Vendor Homepage: Previosuly HP, now http://www.persistentsys.com/ Version: 7.9, 8.1, 9.0, 9.1 Tested on: Windows XP,...

ZDI-11-132: CA Total Defense Suite UNC Management Console DeleteReportLayout SQL Injection Vulnerability

ZDI-11-132: CA Total Defense Suite UNC Management Console DeleteReportLayout SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-132 April 13, 2011 -- CVE ID: CVE-2011-1653 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Total...