Lucene search

195 matches found

CNNVD
added 2022/07/25 12:0 a.m., 2 views

Pegasystem Pega security vulnerability

Pegasystem Pega is a Java-based business process management tool from the U.S. company Pegasystem. It is used to build enterprise applications. A security vulnerability exists in Pegasystem Pega that stems from a password authentication bypass vulnerability in local accounts that can be used to...

CVSS 9.8, AI score 8.3, EPSS 0.00441
Exploits: 0, References: 2

Talos Blog
added 2022/06/09 11:39 a.m., 20 views

Threat Advisory: Atlassian Confluence zero-day vulnerability under active exploitation

Cisco Talos is monitoring reports of an actively exploited zero-day vulnerability in Confluence Data Center and Server. Confluence is a Java-based corporate Wiki employed by numerous enterprises. At this time, it is confirmed that all supported versions of Confluence are affected by this... This ...

AI score 3.7
Exploits: 0

CNVD
added 2022/06/07 12:0 a.m., 14 views

File upload vulnerability in MCMS of Jiangxi Mingsoft Technology Co. Ltd (CNVD-2022-44353)

MCMS is a lightweight, Java-based open source content management system. MCMS from Jiangxi Mingsoft Technology Co., Ltd has a file upload vulnerability that an attacker can use to obtain control of the server...

CVSS 9.8, AI score 6.6, EPSS 0.02652
Exploits: 1

CNNVD
added 2022/06/02 12:0 a.m., 2 views

MingSoft MCMS code issue vulnerability

MCMS is a lightweight, Java-based open source content management system. MCMS from Jiangxi Mingsoft Technology Co., Ltd has a file upload vulnerability that an attacker can use to obtain control of the server...

CVSS 9.8, AI score 5.6, EPSS 0.02652
Exploits: 1, References: 2

CNVD
added 2022/04/24 12:0 a.m., 20 views

Adobe Acs-aem-commons cross-site scripting vulnerability

Adobe Acs-aem-commons is a Java-based codebase of AEM/CQ code collections generated from AEM by Adobe (U.S.). Adobe Acs-aem-commons 5.1.x and earlier versions contain a cross-site scripting vulnerability that could be exploited by an attacker to inject malicious JavaScript content into vulnerable fo...

CVSS 4.3, AI score 4.9, EPSS 0.01333
Exploits: 0

Qualys Blog
added 2022/03/18 1:1 p.m., 25 views

Infographic: Log4Shell Vulnerability Impact by the Numbers

The full scope of risk presented by the Log4Shell vulnerability is something unprecedented, spanning every type of organization across every industry. Hard to find but easy to exploit, Log4Shell immediately places hundreds of millions of Java-based applications, databases, and devices at risk...

AI score 0.1
Exploits: 0

CNVD
added 2022/03/17 12:0 a.m., 16 views

Jenkins CloudBees AWS Credentials Plugin Cross-Site Request Forgery Vulnerability

Jenkins is a software project, a Java-based continuous integration tool for monitoring continuously recurring work, designed to provide an open and easy-to-use software platform that allows software projects to be continuously integrated. Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995...

CVSS 6, AI score 7.6, EPSS 0.00083
Exploits: 0

CNVD
added 2022/03/17 12:0 a.m., 15 views

Jenkins Release Helper Plugin Cross-Site Request Forgery Vulnerability

Jenkins is a software project that is a Java-based continuous integration tool for monitoring continuous and repetitive work, designed to provide an open and easy-to-use software platform that allows software projects to be continuously integrated. A cross-site request forgery vulnerability exists...

CVSS 4, AI score 4.8, EPSS 0.00172
Exploits: 0, Affected Software: 1

CNVD
added 2022/02/16 12:0 a.m., 8 views

MCMS has SQL injection vulnerability (CNVD-2022-17364)

MCMS is a lightweight open source content management system developed in Java. MCMS is vulnerable to SQL injection, which can be exploited by attackers to obtain sensitive database information...

AI score 2.3
Exploits: 0

CNNVD
added 2022/02/07 12:0 a.m., 3 views

Apache James path traversal vulnerability

A path traversal vulnerability exists in Apache James, an open source SMTP and POP3 mail transfer agent and NNTP news server written entirely in Java by the Apache Foundation. An attacker could access other user data stores through this vulnerability...

CVSS 4.3, AI score 5.2, EPSS 0.02834
Exploits: 0, References: 3

ThreatPost
added 2022/01/05 10:18 p.m., 92 views

‘Elephant Beetle’ Lurks for Months in Networks

Researchers have identified a threat group that’s been quietly siphoning off millions of dollars from financial- and commerce-sector companies, spending months patiently studying their targets’ financial systems and slipping in fraudulent transactions amongst regular activity. The Sygnia Incident...

CVSS 10, AI score 10, EPSS 0.93884
Exploits: 16, References: 14

Qualys Blog
added 2021/12/28 6:0 p.m., 260 views

Log4Shell – Follow This Multi-Layered Approach for Detection and Remediation

Since the Log4Shell vulnerability was first discovered, Qualys has analyzed and responded to the threat in a systematic way approaching it from all angles – detection, mitigation and remediation. Recognizing the challenge it poses to large enterprises, we recommend that organizations follow a...

CVSS 9.3, AI score 9.7, EPSS 0.94358
Exploits: 341

CNVD
added 2021/12/16 12:0 a.m., 31 views

Apache Log4j Code Execution Vulnerability

Apache Log4j is a Java-based open source logging tool from the Apache Foundation. Apache Log4j 1.2 is vulnerable to a code issue that could be exploited by attackers to run code via JMSAppender deserialization...

CVSS 7.5, AI score 5.2, EPSS 0.72202
Exploits: 9, References: 1

Malwarebytes
added 2021/12/15 8:59 p.m., 160 views

What SMBs can do to protect against Log4Shell attacks

As you may already know, the business, tech, and cybersecurity industries have been buzzing about Log4Shell CVE-2021-44228, aka Logjam, the latest software flaw in an earlier version of the Apache Log4j logging utility. As the name suggests, a logger is a piece of software that logs every event...

CVSS 9.3, AI score 10, EPSS 0.94358
Exploits: 341

MSRC
added 2021/12/12 8:0 a.m., 52 views

Microsoft’s Response to CVE-2021-44228 Apache Log4j 2

Published on: 2021 Dec 11, updated 2022 Apr 6. SUMMARY Microsoft continues our analysis of the remote code execution vulnerabilities related to Apache Log4j a logging tool used in many Java-based applications disclosed on 9 Dec 2021. Currently, Microsoft is not aware of any impact, outsid...

AI score 2.2, EPSS 0.94358
Exploits: 341

MSRC
added 2021/12/12 5:28 a.m., 457 views

Microsoft’s Response to CVE-2021-44228 Apache Log4j 2

Published on: 2021 Dec 11, updated 2021 Dec 18. SUMMARY Microsoft continues our analysis of the remote code execution vulnerabilities related to Apache Log4j a logging tool used in many Java-based applications disclosed on 9 Dec 2021. Currently, Microsoft is not aware of any impact, outside of th...

CVSS 9.3, AI score 2.8, EPSS 0.94358
Exploits: 341

The Hacker News
added 2021/12/11 4:18 a.m., 294 views

Extremely Critical Log4J Vulnerability Leaves Much of the Internet at Risk

The Apache Software Foundation has released fixes to contain an actively exploited zero-day vulnerability affecting the widely-used Apache Log4j Java-based logging library that could be weaponized to execute malicious code and allow a complete takeover of vulnerable systems. Tracked as...

CVSS 10, AI score 0.9, EPSS 0.94358
Exploits: 341

CNVD
added 2021/11/10 12:0 a.m., 15 views

JetBrains TeamCity has an unspecified vulnerability

TeamCity, a Java-based build management and continuous integration server from JetBrains, has a security vulnerability in the "agent push" feature in versions prior to JetBrains TeamCity 2021.1.2. No details of the vulnerability are currently available...

CVSS 9.8, AI score 3.4, EPSS 0.00005
Exploits: 0, References: 1

The Hacker News
added 2021/11/01 12:8 p.m., 43 views

Critical Flaws Uncovered in Pentaho Business Analytics Software

Multiple vulnerabilities have been disclosed in Hitachi Vantara's Pentaho Business Analytics software that could be abused by malicious actors to upload arbitrary data files and even execute arbitrary code on the underlying host system of the application. The security weaknesses were reported by...

CVSS 9.8, AI score 1.1, EPSS 0.9277
Exploits: 18

CNVD
added 2021/09/14 12:0 a.m., 24 views

Apache Dubbo formatting string error vulnerability

Apache Dubbo is a lightweight Java-based RPC remote procedure call framework from the Apache Foundation. It provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery. A code injection vulnerability exists in Apache Dubbo, which...

CVSS 9.8, AI score 1.6, EPSS 0.02734
Exploits: 0, References: 1