CVE-2020-8471

CVE-2020-8471 affects ABB Central Licensing System (CLS) across multiple ABB products (800xA, Compact HMI, Symphony Plus, Harmony/Melody components, Knowledge Manager, etc.). The root issue is weak file permissions on the CLS, allowing an authenticated attacker to block license handling, escalate...

CVE-2020-8471 ABB Central Licensing System - Weak File Permissions

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to...

CVE-2020-8479 ABB Central Licensing System - XML External Entity Injection

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to...

CVE-2020-8476 ABB Central Licensing System - Elevation of Privilege Vulnerability

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to...

CVE-2020-8476

CVE-2020-8476 affects ABB CLS across ABB Ability System 800xA and related components, where a weakness in input validation in the Central Licensing Server allows an attacker to alter licenses assigned to system nodes. Reported impact is license manipulation (credentials/permissions could be misap...

Security Bulletin: Vulnerability in WebSphere Liberty affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

Summary WebSphere liberty is vulnerable to a DOS that is impacting Watson Knowledge Catalog for IBM Cloud Pak for Data. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2019-4720 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial ...

Security Bulletin: Java Quarterly CPU affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

Summary Vulnerabilities in Java are affecting Watson Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to cause no...

Security Bulletin: Vulnerabilities in WebSphere Liberty affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

Summary Vulnerabilities in Apache CXF and Swagger are affecting WebSphere Liberty in Watson Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2019-12406 DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by...

SAS@Home Virtual Summit Showcases New Threat Intel, Industry Changes

As the COVID-19 pandemic continues to force in-person cybersecurity event cancellations, Kaspersky is forging ahead with a virtual security summit, SAS@home. Topics on the agenda include threat intel on advanced persistent threats APTs, new vulnerability research, and topics related to a...

Principles of a Cloud Migration – Security, The W5H – Episode WHAT?

Teaching you to be a Natural Born Pillar! Last week, we took you through the “WHO” of securing a cloud migration here, detailing each of the roles involved with implementing a successful security practice during a cloud migration. Read: everyone. This week, I will be touching on the “WHAT” of...

What does it take to become a good reverse engineer?

How much money and effort does it take to become a good reverse engineer? Do you even need to be one? There are no universally acceptable answers to these questions. Software reverse engineering RE is not a science but a skillset combined with specific knowledge and backed by a lot of experience...

August 2013 cumulative time zone update for Windows operating systems

August 2013 cumulative time zone update for Windows operating systems Summary This update supersedes and replaces the update that is described in Microsoft Knowledge Base KB article 2779562, which was released in December 2012. All additional time zone changes that were released as hotfixes after...

October 2012 cumulative time zone update for Windows operating systems

October 2012 cumulative time zone update for Windows operating systems Summary This update supersedes and replaces update 2633952, which was released in December 2011 and 2732052 which was released in August 2012 through Download Center. All additional time zone changes released as hotfixes after...

December 2013 cumulative time zone update for Windows operating systems

December 2013 cumulative time zone update for Windows operating systems Summary This update supersedes and replaces the update that is described in Microsoft Knowledge Base KB article 2863058, which was released in August 2013. All additional time zone changes that were released as hotfixes after...

Description of Office Access Runtime and Data Connectivity Components 2007 SP3

Describes the improvements that Office Access Runtime and Data Connectivity Components 2007 SP3 provides and the issues that it fixes.IntroductionMicrosoft Office Access Runtime and Data Connectivity Components 2007 Service Pack 3 SP3 provides the latest updates to Microsoft Office Access 2007...

Description of the hotfix rollup package for System Center Data Protection Manager 2010: November 10, 2010

Description of the hotfix rollup package for System Center Data Protection Manager 2010: November 10, 2010 Introduction This article describes the issues in Microsoft System Center Data Protection Manager DPM 2010 that are fixed in the Data Protection Manager 2010 hotfix rollup package version...

Description of the Office Web Apps Server update: March 12, 2013

Description of the Office Web Apps Server update: March 12, 2013 INTRODUCTION Microsoft has released an update for Microsoft Office Web Apps Server. This update provides the latest fixes for Office Web Apps Server. Additionally, this update contains stability and performance improvements. Known...

Unspecified Vulnerability in Oracle Knowledge (CNVD-2020-26991)

Oracle Knowledge is a complete knowledge management solution that provides personalized and seamless cross-channel service and support. A security vulnerability exists in the Information Manager Console component in Oracle Knowledge 8.6.0-8.6.3. An attacker could exploit the vulnerability to...

Oracle Knowledge Web Applications - Unspecified Vulnerability in InfoCenter Component

Oracle Knowledge is a suite of knowledge management solutions. An unspecified vulnerability exists in the Oracle Knowledge Web Applications - InfoCenter component, which can be exploited by an attacker to compromise Oracle Knowledge, impacting the availability, confidentiality and integrity of da...

Unspecified Vulnerability in Oracle Knowledge

Oracle Knowledge is the United States Oracle Oracle company's set of knowledge management solutions. Information Manager Console is one of the information management console components. A security vulnerability exists in the Information Manager Console component of Oracle Knowledge versions 8.6.0...