22 matches found
What is Identity Dark Matter?
The Invisible Half of the Identity Universe Identity used to live in one place - an LDAP directory, an HR system, a single IAM portal. Not anymore. Today, identity is fragmented across SaaS, on-prem, IaaS, PaaS, home-grown, and shadow applications. Each of these environments carries its own...
CVE-2021-32836
ZStack is open source IaaSinfrastructure as a service software. In ZStack before versions 3.10.12 and 4.1.6 there is a pre-auth unsafe deserialization vulnerability in the REST API. An attacker in control of the request body will be able to provide both the class name and the data to be...
Apache CloudStack Code Issue Vulnerability
Apache CloudStack is a set of Infrastructure as a Service IaaS cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. A security vulnerability exists in Apache CloudStack, which stems from ...
Apache CloudStack Input Validation Error Vulnerability (CNVD-2024-41660)
Apache CloudStack is a suite of Infrastructure as a Service IaaS cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. Apache CloudStack has a security vulnerability that can be exploited ...
Apache CloudStack Access Control Error Vulnerability
Apache CloudStack is a suite of Infrastructure as a Service IaaS cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. Apache CloudStack suffers from an Access Control Error vulnerability...
Apache CloudStack Security Bypass Vulnerability (CNVD-2024-20837)
Apache CloudStack is a suite of Infrastructure as a Service IaaS cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. Apache CloudStack suffers from a security bypass vulnerability that...
Forrester names Microsoft a Leader in 2023 Infrastructure-as-a-Service Platform Native Security report
As we continue to drive toward making the world safer and more productive for all, it is vital we empower our customers to secure every aspect of their organization. Each day we are seeing more advanced security threats as bad actors develop new tactics that aim to take advantage of businesses as...
Forrester names Microsoft a Leader in 2023 Infrastructure-as-a-Service Platform Native Security report
As we continue to drive toward making the world safer and more productive for all, it is vital we empower our customers to secure every aspect of their organization. Each day we are seeing more advanced security threats as bad actors develop new tactics that aim to take advantage of businesses as...
Apache CloudStack Security Feature Issue Vulnerability
Apache CloudStack is an Infrastructure-as-a-Service IaaS cloud computing platform from the Apache Foundation. The platform is primarily used to deploy and manage large networks of virtual machines.A security feature issue vulnerability exists in versions of Apache CloudStack prior to 4.16.1.0,...
Dell EMC Integrated System Elevation of Privilege Vulnerability
DELL EMC Integrated System is a native hybrid cloud platform for infrastructure and platform-as-a-service from Dell USA. An elevation of privilege vulnerability exists in Dell EMC Integrated System for Microsoft Azure Stack Hub. The vulnerability stems from an incorrect programmatic call to an...
CVE-2021-32829
ZStack REST API is affected by a post-authentication Remote Code Execution (RCE) vulnerability via bypass of the Groovy sandbox. The GET zstack/v1/batch-queries?script endpoint processes a Groovy script through APIBatchQueryMsg.script, evaluated in BatchQuery.query, with sandboxing applied by San...
A Quick Look Into Cloud Security Posture Management (CSPM)
The cloud security solutions market is growing rapidly, and there are many types of solutions to support your specific business needs. But figuring out the right tool—let alone the right type of tool—can be difficult. Gartner has five security archetypes that fall under the broader cloud security...
Rocky Enterprise Software Foundation OpenStack Platform 16.1 bug fix and enhancement advisory
An update is available for python-gflags, python-oauth2client, google-api-python-client, python-httplib2, python-uritemplate. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Moderate: Red Hat Bug Fix Advisory: Red Hat OpenStack Platform 13 bug fix and enhancement advisory
Updated packages that resolve various issues are now available for Red Hat OpenStack Platform 13.0 Queens for RHEL 7. Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service IaaS cloud running on commonly available...
IR & Forensics in the Cloud
More and more organisations are moving their business to the cloud. This makes securing data and being able to respond effectively to incidents in cloud environments an important topic. Having the skills on hand to properly collect digital forensics data in response to a legal dispute or during a...
How to Prepare for Misconfigurations Clouding the Corporate Skies
Cloud-based storage and infrastructure provides myriad benefits for any organization, like letting them avoid the costs of expensive hardware and granting them quick access to infrastructure as needed. Companies can use cloud services for minutes or years, depending on their needs. However, there...
Information Disclosure
Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service IaaS cloud running on commonly available physical hardware. Changes to the ceph component: In the previous version, launching of nova instances resulted in nova-compute...
Moderate: Red Hat Bug Fix Advisory: Red Hat OpenStack Platform 13.0 director Bug Fix Advisory
Updated director installer packages that resolve various issues are now available for Red Hat OpenStack Platform 13.0 Queens for RHEL 7. Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service IaaS cloud running on...
Moderate: Red Hat Bug Fix Advisory: Red Hat OpenStack Platform 12 Bug Fix and Enhancement Advisory
Updated packages that resolve various issues are now available for Red Hat OpenStack Platform 12.0 Pike for RHEL 7. Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service IaaS cloud running on commonly available...
Red Hat CloudForms Management Engine Design Vulnerability
The Red Hat CloudForms Management Engine CFME is a management engine for IaaS Infrastructure as a Service cloud services solutions from Red Hat, Inc. A security vulnerability exists in the CloudForms account configuration in Red Hat CFME. An attacker could use the vulnerability to view and change...