CVE-2019-2538

Vulnerability in the Oracle Managed File Transfer component of Oracle Fusion Middleware subcomponent: MFT Runtime Server. Supported versions that are affected are 19.1.0.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

Design/Logic Flaw

Vulnerability in the Oracle Managed File Transfer component of Oracle Fusion Middleware subcomponent: MFT Runtime Server. Supported versions that are affected are 19.1.0.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

CVE-2019-2538

Vulnerability in the Oracle Managed File Transfer component of Oracle Fusion Middleware subcomponent: MFT Runtime Server. Supported versions that are affected are 19.1.0.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

CVE-2019-2538

CVE-2019-2538 is a vulnerability in the Oracle Managed File Transfer (MFT Runtime Server) component of Oracle Fusion Middleware . Affected versions are 19.1.0.0.0 and 12.2.1.3.0 . The issue allows a low-privileged attacker who can access the service over the network via HTTP to compromise MFT, po...

CVE-2019-2538

Vulnerability in the Oracle Managed File Transfer component of Oracle Fusion Middleware subcomponent: MFT Runtime Server. Supported versions that are affected are 19.1.0.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

Oracle Managed File Transfer Access Control Error Vulnerability

Oracle Fusion Middleware Oracle Fusion Middleware is a set of Oracle's business innovation platform for enterprise and cloud environments, which provides middleware, software collections, and other features.Managed File Transfer is one of the file transfer management components. An access control...

Privilege Escalation

cfme is vulnerable to privilege escalation attacks. The vulnerability exists as it was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on...

China's APT10

Wired has an excellent article on China's APT10 hacking group. Specifically, on how they hacked managed service providers in order to get to their customers' networks. I am reminded of the NSA's "I Hunt Sysadmins" presentation, published by the Intercept. EDITED TO ADD 1/5: Another article on the...

OVERRULED: Containing a Potentially Destructive Adversary

Introduction FireEye assesses APT33 may be behind a series of intrusions and attempted intrusions within the engineering industry. Public reporting indicates this activity may be related to recent destructive attacks. FireEye's Managed Defense has responded to and contained numerous intrusions th...

US Indicts Two Chinese Government Hackers Over Global Hacking Campaign

The US Department of Justice on Thursday charged two Chinese hackers associated with the Chinese government for hacking numerous companies and government agencies in a dozen countries. The Chinese nationals, Zhu Huaknown online as Afwar, CVNX, Alayos and Godkiller and Zhang Shilong known online a...

CVE-2018-18810 TIBCO Managed File Transfer Credentials Disclosure

The Administrator Service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, and TIBCO Managed File Transfer Internet Server contains vulnerabilities where an authenticated user with specific privileges can gain access to credentials to other systems. Affected releases...

CVE-2018-18810

CVE-2018-18810 affects TIBCO Managed File Transfer Command Center (Administrator Service) and TIBCO Managed File Transfer Internet Server. An authenticated user with specific privileges can access credentials maintained by or for other systems, enabling credential disclosure. Affected releases in...

Input validation

The Administrator Service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, and TIBCO Managed File Transfer Internet Server contains vulnerabilities where an authenticated user with specific privileges can gain access to credentials to other systems. Affected releases...

CVE-2018-18810

The Administrator Service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, and TIBCO Managed File Transfer Internet Server contains vulnerabilities where an authenticated user with specific privileges can gain access to credentials to other systems. Affected releases...

CVE-2018-18810

The Administrator Service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, and TIBCO Managed File Transfer Internet Server contains vulnerabilities where an authenticated user with specific privileges can gain access to credentials to other systems. Affected releases...

TIBCO Security Advisory: December 11, 2018 - TIBCO Managed FileTransfer

TIBCO Managed File Transfer Credentials Disclosure Original release date: December11, 2018 Last revised: CVE-2018-18810 Source: TIBCO Software Inc. TIBCO Managed File Transfer Credentials Disclosure Original release date: December 11, 2018 Last revised: -- Source: TIBCO Software Inc. Systems...

CVE-2018-0679

Cross-site scripting vulnerability in multiple FXC Inc. network devices Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Powe...

CVE-2018-0679

Cross-site scripting vulnerability in multiple FXC Inc. network devices Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Powe...

Philips iSite and IntelliSpace PACS

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: iSite and IntelliSpace PACS Vulnerability: Weak Password Requirements 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker with local network access to impact...

Cybersecurity Awareness Month: Cb Customer Spotlight with Stonewall Kitchen’s William Bocash

Editor's Note: Stonewall Kitchen upgraded to next-gen AV with Cb Defense and Cb Protection. William Bocash an I.T. Manager for Stonewall Kitchen and author of this blog has more than 17 years experience in the information technology industry, and recently attended Cb Connect 2018. To wrap up the...