Lucene search
K

414 matches found

Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.7 views

PT-2022-26859 · Unknown · Eramba Grc

Name of the Vulnerable Software and Affected Versions: Eramba GRC Software version c2.8.1 Description: A stored cross-site scripting XSS issue in the Add function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field. This enables...

5.4CVSS6AI score0.00485EPSS
Exploits1References6
CVE
CVE
added 2022/11/14 12:0 a.m.68 views

CVE-2022-43342

CVE-2022-43342 describes a stored cross-site scripting (XSS) vulnerability in Eramba GRC Software version c2.8.1, exploitable via a crafted payload injected into the KPI Title field in the Add function. The CVE notes that attackers can execute arbitrary web scripts or HTML, with the impact limite...

5.4CVSS5.2AI score0.00485EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2022/09/13 4:15 p.m.28 views

CVE-2022-39801

SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. This attack can be launched only within the firewall. On successful exploitation the attacker can gain access to admin session and...

7.5CVSS0.00588EPSS
Exploits0References2
Prion
Prion
added 2022/09/13 4:15 p.m.20 views

Session fixation

SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. This attack can be launched only within the firewall. On successful exploitation the attacker can gain access to admin session and...

4.6CVSS7.5AI score0.00588EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/13 3:43 p.m.3 views

CVE-2022-39801

SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. This attack can be launched only within the firewall. On successful exploitation the attacker can gain access to admin session and...

7.5AI score0.00588EPSS
Exploits0References2
CVE
CVE
added 2022/09/13 3:43 p.m.51 views

CVE-2022-39801

CVE-2022-39801 relates to SAP GRC Access Control Emergency Access Management. An authenticated attacker can access a Firefighter session after it is closed in the Firefighter Logon Pad, with exploitation possible only inside the firewall, potentially enabling access to an admin session and comple...

7.5CVSS7.4AI score0.00588EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/09/13 3:43 p.m.38 views

CVE-2022-39801

SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. This attack can be launched only within the firewall. On successful exploitation the attacker can gain access to admin session and...

7.7AI score0.00588EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2022/09/13 1:7 p.m.30 views

How GRC protects the value of organizations — A simple guide to data quality and integrity

Contemporary organizations understand the importance of data and its impact on improving interactions with customers, offering quality products or services, and building loyalty. Data is fundamental to business success. It allows companies to make the right decisions at the right time and deliver...

0.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/09/13 12:0 a.m.8 views

PT-2022-24999 · Sap · Sap Grc Access Control

Name of the Vulnerable Software and Affected Versions: SAP GRC Access control affected versions not specified Description: The issue allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. This attack can be launched only within the...

7.5CVSS7.4AI score0.00588EPSS
Exploits0References8
OSV
OSV
added 2022/06/20 8:17 p.m.8 views

MAL-2022-1524 Malicious code in bfx-facs-grc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5e22f7cc8c986b668efaad78ffe1fb54f9e0fc005376943ab669c9883b6464c1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:17 p.m.2 views

Malicious code in bfx-facs-grc-slack (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3d68b2d23fdbc513af252da8c8fe29ba0d5899a93e9142ae773ba68ff7b60190 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:17 p.m.4 views

Malicious code in bfx-proxy-grc-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 10e94e06f004a17e582b795ae2695865df501e2ae73e23c466ea97f5c47b43a7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:17 p.m.9 views

MAL-2022-1544 Malicious code in bfx-proxy-grc-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 10e94e06f004a17e582b795ae2695865df501e2ae73e23c466ea97f5c47b43a7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:17 p.m.5 views

Malicious code in bfx-facs-grc-s3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5cfcf4ec66cbefa85f2c259a3d914576dc423f2569c6a432be4ad3c4e41ae949 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:17 p.m.7 views

MAL-2022-1525 Malicious code in bfx-facs-grc-s3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5cfcf4ec66cbefa85f2c259a3d914576dc423f2569c6a432be4ad3c4e41ae949 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Rockylinux
Rockylinux
added 2022/05/17 6:40 a.m.17 views

new packages: hunspell-grc

An update is available for hunspell-grc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

2.2AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/23 7:30 p.m.39 views

Security Bulletin: Security vulnerabilities in Go affect IBM Cloud Pak for Multicloud Management Hybrid GRC.

Summary Security Bulletin: Security vulnerabilities in Go affect IBM Cloud Pak for Multicloud Management Hybrid GRC. Vulnerability Details CVEID: CVE-2021-34558 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by the failure to properly assert that the type of public key in an...

6.5CVSS7.1AI score0.06975EPSS
Exploits1Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/12/14 4:15 p.m.3 views

CVE-2021-44233

SAP GRC Access Control - versions V1100700, V1100731, V1200750, does not perform necessary authorization checks for an authenticated user, which could lead to escalation of privileges...

8.8CVSS7.3AI score0.00802EPSS
Exploits0References3
NVD
NVD
added 2021/12/14 4:15 p.m.20 views

CVE-2021-44233

SAP GRC Access Control - versions V1100700, V1100731, V1200750, does not perform necessary authorization checks for an authenticated user, which could lead to escalation of privileges...

8.8CVSS0.00802EPSS
Exploits0References2
Prion
Prion
added 2021/12/14 4:15 p.m.11 views

Authorization

SAP GRC Access Control - versions V1100700, V1100731, V1200750, does not perform necessary authorization checks for an authenticated user, which could lead to escalation of privileges...

6.5CVSS8.7AI score0.00802EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder