Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2
Summary: Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details: CVEID: CVE-2023-41080. DESCRIPTION: Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in...
The vulnerability of the Apache InLong data integration platform, related to the recovery of unreliable data in memory, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Apache InLong data integration platform lies in the recovery of unreliable data in memory. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to protected information by sending specially created data...
The vulnerability of the IBM Cloud Pak for Data Analysis and Management platform, known as CP4D, arises from improper external management of file names or paths. This allows attackers to modify any arbitrary files or data within the system.
The vulnerability of the IBM Cloud Pak for Data Analysis and Management platform CP4D is related to improper external management of file names or paths. Exploiting this vulnerability could allow an attacker to modify any arbitrary files or data within the system...
Building Your Privacy-Compliant Customer Data Platform (CDP) with First-Party Data
In today's digital era, data privacy isn't just a concern; it's a consumer demand. Businesses are grappling with the dual challenge of leveraging customer data for personalized experiences while navigating a maze of privacy regulations. The answer? A privacy-compliant Customer Data Platform CDP...
The vulnerability of the JoltTransform component in the Apache NiFi data processing platform allows attackers to execute cross-site scripting attacks.
The vulnerability of the JoltTransform component in the Apache NiFi data processing platform is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...
CVE-2023-50713
Speckle Server provides server, frontend, 3D viewer, and other JavaScript utilities for the Speckle 3D data platform. A vulnerability in versions prior to 2.17.6 affects users who: authorized an application which requested a 'token write' scope or, using frontend-2, created a Personal Access Toke...
CVE-2023-50713
CVE-2023-50713 – Speckle Server Token Privilege Escalation: Affects Speckle Server versions prior to 2.17.6. When creating a new token (via app with token write scope or frontend-2), the requesting token must authorize the new token, but the service did not verify that the new token’s privileges...
Licensing Requirement Changes in Veeam Recovery Orchestrator 7
Article Applicability: The license changes detailed in this article do not affect Veeam Cloud Service Providers due to how rental licenses are generated, operated, and supported. Summary: Due to enhanced integrations and architectural changes across the Veeam Data Platform, there are new license...
File Upload Vulnerability in Yonghong BI of Beijing Yonghong Business Intelligence Technology Co.
Beijing Yonghong Business Intelligence Technology Co., Ltd. is committed to providing global enterprises with big data technology products and services, relying on independent intellectual property rights of the one-stop big data platform to form a perfect product and service system, with...
Siemens COMOS Sensitive Information Plaintext Transfer Vulnerability
COMOS is a unified data platform for collaborative plant design, operations and management that supports the collection, processing, preservation and distribution of information throughout the plant lifecycle. A plaintext transfer of sensitive information vulnerability exists in Siemens COMOS. Th...
Siemens COMOS Buffer Overflow Vulnerability (CNVD-2023-86341)
COMOS is a unified data platform for collaborative plant design, operations and management that supports the collection, processing, preservation and distribution of information throughout the plant lifecycle. A buffer overflow vulnerability exists in Siemens COMOS, which can be exploited by an...
Cisco HyperFlex HX Data Platform Input Validation Error Vulnerability
The Cisco HyperFlex HX Data Platform is a high-performance, scalable distributed file system that supports a wide range of virtual machine monitoring programs and provides a range of enterprise-class data management and optimization services. An input validation error vulnerability exists in Cisc...
CVE-2023-20263
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could...
Input validation
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could...
CVE-2023-20263
CVE-2023-20263 affects Cisco HyperFlex HX Data Platform, specifically the web-based management interface. The issue arises from improper input validation of HTTP request parameters, enabling an unauthenticated, remote attacker to persuade a user to click a crafted link and potentially redirect th...
CVE-2023-20263
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could...
Cisco HyperFlex HX Data Platform Open Redirect Vulnerability
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could...
PT-2023-4965 · Cisco · Cisco Hyperflex Hx Data Platform
Name of the Vulnerable Software and Affected Versions: Cisco HyperFlex HX Data Platform versions 5.0 through 5.5. Description: The issue is related to improper input validation of parameters in an HTTP request, allowing an unauthenticated, remote attacker to redirect a user to a malicious web page...
Cisco HyperFlex HX Data Platform Input Validation Error Vulnerability
The Cisco HyperFlex HX Data Platform is a high-performance, scalable distributed file system that supports a wide range of virtual machine monitoring programs and provides a range of enterprise-class data management and optimization services. An input validation error vulnerability exists in Cisc...
Rudder Server SQL Injection / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rudder Server SQLI Remote Code Execution', 'Description' = %q This Metasploit module exploits a SQL injection vulnerability in RudderStack's...