333 matches found
Fortinet FortiEDR Trust Management Issue Vulnerability
Fortinet FortiEDR is a scratch-built endpoint security solution from Fortinet, U.S.A. Fortinet FortiEDR is vulnerable to a trust management issue that could be exploited by an unauthenticated attacker to disguise and spoof messages from other collectors...
Secure your healthcare devices with Microsoft Defender for IoT and HCL’s CARE
It wasn’t long ago that medical devices were isolated and unconnected, but the rise of IoT has brought real computing power to the network edge. Today, medical devices are transforming into interconnected, smart assistants with decision-making capabilities. Any device in a medical setting must be...
temoignages.re Improper Access Control vulnerability OBB-2424763
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
IBM Security Guardium Insights Input Validation Error Vulnerability
IBM Security Guardium Insights is a data security solution from IBM Corporation. The product supports data analytics, threat alerts, data security auditing and local data monitoring. IBM Security Guardium Insights has an input validation error vulnerability in v3.0, which stems from the fact that...
IBM Security Guardium Insights Information Disclosure Vulnerability (CNVD-2022-08968)
IBM Security Guardium Insights is a data security solution from IBM Corporation. IBM Security Guardium Insights has an information disclosure vulnerability in version 3.0 that stems from a failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to...
Trend Micro Deep Security Code Injection Vulnerability
Trend Micro Deep Security is a suite of intelligent data protection solutions from Trend Micro. A code injection vulnerability exists in the Trend Micro Deep Security Agent that stems from an input validation error when handling directory traversal sequences. An attacker could use this...
Log4j “Log4Shell” RCE explained (CVE-2021-44228)
Hello everyone! I decided to make a separate episode about Log4Shell. Of course, there have already been many reviews of this vulnerability. But I do it primarily for myself. It seems to me that serious problems with Log4j and similar libraries will be with us for a long time. Therefore, it would...
Fortinet FortiClient Elevation of Privilege Vulnerability (CNVD-2021-102008)
FortiClient is a mobile endpoint security solution from Fortinet, Inc. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance. FortiClient is vulnerable to an elevation of privilege...
Best practices in WAF gateways to meet the demands of digital transformation
Every day, digital transformation is changing every organization’s threat landscape. As a result, they are facing a dilemma about where and how to deploy their application security solution. One of the most common approaches that organizations take is to deploy a reverse proxy security solution i...
IBM Security Secret Server Information Disclosure Vulnerability (CNVD-2022-05090)
IBM Security Secret Server is a privileged access management solution from IBM Corporation. The product supports password management, privileged account identification, and privileged session access monitoring logs. IBM Security Secret Server 11.0 previously had a security vulnerability that stemm...
CVE-2021-26606
A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected program. A successf...
Authorization
A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected program. A successf...
CVE-2021-26606
Affected product: Dream Security PKI Security Solution. Vulnerability: Arbitrary command execution due to insufficient validation of the authorization certificate, exploitable via a crafted HTTP request to an affected program. Impact: Remote code execution on the target system (as described in sourc...
CVE-2021-26606 DreamSecurity MagicLine Buffer Overflow Vulnerability
A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected program. A successf...
IBM Security Access Manager Appliance Privilege License and Access Control Issues Vulnerability
IBM Security Access Manager Appliance (ISAM Appliance) is a network appliance-based security solution from IBM, USA. The product is mainly used for access control and Web-based threat protection, providing system performance monitoring, log analysis and diagnosis. IBM Security Access Manager...
Preparing for your migration from on-premises SIEM to Azure Sentinel
The pandemic of 2020 has reshaped how we engage in work, education, healthcare, and more, accelerating the widespread adoption of cloud and remote-access solutions. In today’s workplace, the security perimeter extends to the home, airports, the gym—wherever you are. To keep pace, organizations...
Optimize security with Azure Firewall solution for Azure Sentinel
Security is a constant balance between proactive and reactive defenses. They are both equally important, and neither can be neglected. Effectively protecting your organization means constantly optimizing both prevention and detection. That’s why we’re excited to announce a seamless integration...
IBM Security Guardium Security Vulnerability
IBM Security Guardium is a comprehensive data protection solution that offers a full range of data security features from compliance support to dynamic data shielding. An information disclosure vulnerability exists in IBM Security Guardium version 11.2. An attacker could exploit this vulnerabilit...