Lucene search
K

414 matches found

Qualys Blog
Qualys Blog
added 2023/07/20 2:45 p.m.17 views

Part I: Implementing Effective Cyber Security Metrics That Reduce Risk Realistically

As a CISO or business leader, some burning questions that often come to your mind are: How vulnerable is our cybersecurity posture? Are we better protected than we were three months or a year ago? Have our investments improved the cybersecurity posture and yielded any tangible benefits? Are my...

7AI score
Exploits0
NVD
NVD
added 2023/06/05 10:15 p.m.43 views

CVE-2023-3027

The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values instead of the policy apply a static manifest on a managed cluster of taking advantage of cluster scoped access in a created policy. This feature...

7.8CVSS7.7AI score0.00198EPSS
Exploits0References1
OSV
OSV
added 2023/06/05 10:15 p.m.4 views

CVE-2023-3027

The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values instead of the policy apply a static manifest on a managed cluster of taking advantage of cluster scoped access in a created policy. This feature...

7.8CVSS5.8AI score0.00198EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/06/05 10:15 p.m.4 views

CVE-2023-3027

The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values instead of the policy apply a static manifest on a managed cluster of taking advantage of cluster scoped access in a created policy. This feature...

7.8CVSS7.1AI score0.00198EPSS
Exploits0References2
Prion
Prion
added 2023/06/05 10:15 p.m.19 views

Code injection

The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values instead of the policy apply a static manifest on a managed cluster of taking advantage of cluster scoped access in a created policy. This feature...

4.3CVSS7.8AI score0.00198EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/06/05 12:0 a.m.75 views

CVE-2023-3027

The vulnerability CVE-2023-3027 affects Red Hat Advanced Cluster Management for Kubernetes (ACM) where the grc-policy-propagator can perform privilege escalation by evaluating policies that pull dynamically obtained values, allowing access beyond the policy’s namespace. Root cause: policy propaga...

7.8CVSS7.6AI score0.00198EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/06/05 12:0 a.m.43 views

CVE-2023-3027

The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values instead of the policy apply a static manifest on a managed cluster of taking advantage of cluster scoped access in a created policy. This feature...

7.9AI score0.00198EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/06/05 12:0 a.m.10 views

CVE-2023-3027

The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values instead of the policy apply a static manifest on a managed cluster of taking advantage of cluster scoped access in a created policy. This feature...

7.3AI score0.00198EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2023/06/01 4:7 a.m.44 views

CVE-2023-3027

The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values instead of the policy apply a static manifest on a managed cluster of taking advantage of cluster scoped access in a created policy. This feature...

7.8CVSS6.6AI score0.00198EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/05/31 12:0 a.m.5 views

Red Hat Advanced Cluster Management for Kubernetes 安全漏洞

Red Hat Advanced Cluster Management for Kubernetes is an advanced cluster management platform for Kubernetes from Red Hat, Inc. The platform provides features that offer policy-based governance and extended application lifecycle management. A security vulnerability exists in Red Hat Advanced...

7.8CVSS7.3AI score0.00198EPSS
Exploits0References4
NVD
NVD
added 2023/02/14 4:15 a.m.17 views

CVE-2023-0019

In SAP GRC Process Control - versions GRCFNDA V1200, GRCFNDA V8100, GRCPINW V1100700, GRCPINW V1100731, GRCPINW V1200750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the...

6.5CVSS6.3AI score0.00534EPSS
Exploits0References2
Prion
Prion
added 2023/02/14 4:15 a.m.19 views

Design/Logic Flaw

In SAP GRC Process Control - versions GRCFNDA V1200, GRCFNDA V8100, GRCPINW V1100700, GRCPINW V1100731, GRCPINW V1200750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the...

4CVSS6.3AI score0.00534EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/14 3:6 a.m.5 views

CVE-2023-0019

In SAP GRC Process Control - versions GRCFNDA V1200, GRCFNDA V8100, GRCPINW V1100700, GRCPINW V1100731, GRCPINW V1200750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the...

6.5CVSS6.3AI score0.00534EPSS
Exploits0References2
CVE
CVE
added 2023/02/14 3:6 a.m.57 views

CVE-2023-0019

CVE-2023-0019 affects SAP GRC (Process Control) versions GRCFND_A V1200 and V8100, and GRCPINW V1100_700, V1100_731, V1200_750. A remote-enabled function module allows an authenticated attacker with minimal privileges to access confidential data in client-specific tables, exposing user credential...

6.5CVSS6.2AI score0.00534EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/02/14 3:6 a.m.21 views

CVE-2023-0019

In SAP GRC Process Control - versions GRCFNDA V1200, GRCFNDA V8100, GRCPINW V1100700, GRCPINW V1100731, GRCPINW V1200750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the...

6.5CVSS6.5AI score0.00534EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2023/02/06 10:0 a.m.42 views

SaaS in the Real World: Who's Responsible to Secure this Data?

When SaaS applications started growing in popularity, it was unclear who was responsible for securing the data. Today, most security and IT teams understand the shared responsibility model, in which the SaaS vendor is responsible for securing the application, while the organization is responsible...

0.3AI score
Exploits0
NVD
NVD
added 2022/11/14 4:15 p.m.23 views

CVE-2022-43342

A stored cross-site scripting XSS vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field...

5.4CVSS0.00485EPSS
Exploits1References2
Prion
Prion
added 2022/11/14 4:15 p.m.15 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field...

4.9CVSS5.3AI score0.00485EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/11/14 12:0 a.m.34 views

CVE-2022-43342

A stored cross-site scripting XSS vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field...

5.4AI score0.00485EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/11/14 12:0 a.m.5 views

CVE-2022-43342

A stored cross-site scripting XSS vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field...

5.6AI score0.00485EPSS
Exploits1References2
Rows per page
Query Builder