Datarobot — Remote Code Execution

Posted by Michael Coers on Feb 18

Exploit Title: Datarobot — Remote Code Execution
Date: 9/28/2021
Vendor Homepage: https://www.datarobot.com
Software Link: https://app.datarobot.com/
Version: TBD – awaiting build version from vendor
Tested on: The issue affects all versions of the product up to the date of this submission
Exploit Authors: Mike Coers & Pathfynder Inc
Exploit Contact: sm0key a t dnsfiltrate_io & micheal.coers a t pathfynder dot_io
Exploit Technique:…

MartFury Marketplace – Cross Site Scripting Vulnerability

Posted by info () vulnerability-lab com on Feb 18

Document Title:
===============
MartFury Marketplace – Cross Site Scripting Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2282

Release Date:
=============
2022-02-17

Vulnerability Laboratory ID (VL-ID):
====================================
2282

Common Vulnerability Scoring System:
====================================
5.5

Vulnerability Class:
====================
Cross Site…

Vicidial v2.14-783a – (DB) SQL Injection Web Vulnerability

Posted by info () vulnerability-lab com on Feb 18

Document Title:
===============
Vicidial v2.14-783a – (DB) SQL Injection Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2312

Release Date:
=============
2022-02-17

Vulnerability Laboratory ID (VL-ID):
====================================
2312

Common Vulnerability Scoring System:
====================================
7.3

Vulnerability Class:
====================
SQL Injection…

WordPress v5.9 – Reflected Cross Site Scripting Web Vulnerability

Posted by info () vulnerability-lab com on Feb 18

Document Title:
===============
Wordpress v5.9 – Reflected Cross Site Scripting Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2316

Release Date:
=============
2022-02-09

Vulnerability Laboratory ID (VL-ID):
====================================
2316

Common Vulnerability Scoring System:
====================================
4.2

Vulnerability Class:
====================
Cross…

Car Portal Template – (Search) Persistent Web Vulnerability

Posted by info () vulnerability-lab com on Feb 18

Document Title:
===============
Car Portal Template – (Search) Persistent Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2299

Release Date:
=============
2022-02-08

Vulnerability Laboratory ID (VL-ID):
====================================
2299

Common Vulnerability Scoring System:
====================================
5.6

Vulnerability Class:
====================
Cross Site…

McAfee Enterprise SSE: Named a Leader In 2022 Gartner Magic Quadrant for SSE

Companies continue to accelerate their digital transformation and hybrid work strategies with security remaining top of mind. For a growing number of enterprises, the solution has been the deployment of a Security Service Edge (SSE). Introduced as a market category by Gartner, per our view we believe SSE is the consolidation of Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), and Zero Trust Network Access (ZTNA) within a single, cloud-delivered solution for securing access to web, cloud, and private applications from any corner of the world, mitigating user and cloud threats, and protecting sensitive cloud data at rest, in transit, or in use.

Recognizing the significant role SSE is filling in cybersecurity, Gartner® has published its first ever Magic Quadrant report for SSE. We are honored to announce that the McAfee Enterprise SSE Portfolio has been recognized as a Leader for its solution MVISION Unified Cloud Edge (UCE) in the report, positioned rightmost for “Completeness of Vision.” Our cloud-native platform is architected for the SSE market and boasts a next-gen SWG and the industry’s first data-aware ZTNA solution, empowering our customers in their cloud and network transformations. It was also recognized as a Leader in the Gartner Magic Quadrant for Cloud Access Security Brokers for four successive years, 2017–2020.

2022 Gartner Magic Quadrant for Security Service Edge (Source: Gartner)

In 2021, McAfee Enterprise SSE made several updates and additions to its MVISION UCE solution, strengthening its position as an industry expert, including:

Highly innovative Remote Browser Isolation (RBI) technology integrated with MVISION UCE for advanced threat protection, data security and visibility through unified policies.
Full-featured data security portfolio, including native integration of Enterprise DLP for unified data protection and incident management across cloud, web, private apps and endpoints.
Extensive Cloud Security Posture Management (CSPM) capabilities, including Shift Left scanning to detect and correct misconfigurations and drift early in the CI/CD pipeline.
Support of SaaS Security Posture Management (SSPM) for continuous assessment of SaaS security landscape and remediating misconfigurations.
Presence backed by worldwide sales and support, along with a massively upgraded cloud footprint.
Includes comprehensive solutions, such as RBI for risky websites, across all the pricing tiers at no additional cost.
Rapidly expanding CASB Connect Program, which allows cloud service providers or partners to build lightweight API connections to the MVISION Cloud, leading several new service providers to adopt MVISION Cloud.

As a companion report to the Magic Quadrant, Gartner has also published its Critical Capabilities report for SSE, which shares deep insights into the product capabilities of each vendor based on a specific set of use cases. The below use cases are included in this year’s SSE Critical Capabilities Report:

Secure Web and Cloud Usage
Detect and Mitigate Threats
Connect and Secure Remote Workers
Identify and Protect Sensitive Information

MVISION UCE received the highest score across all four use cases, paving the way for the SSE market in features and functionality. We believe our rich heritage in DLP, strong CSPM/SSPM, and deep usage of the MITRE ATT&CK framework have been the key contributors towards our #1 position across use cases in the Critical Capabilities report.

We are extremely proud of the recognition for our vision and product innovation. Our singular goal is to build a more secure world. To learn more about how Gartner assessed the market and the MVISION UCE solution, download your copy of the report here.

You can also join our webinar on March 9, 2022, for a deep dive into why McAfee Enterprise SSE is a Leader in the 2022 Gartner Magic Quadrant for SSE.

Click here for a free demo of the MVISION UCE solution.

Gee Rittenhouse
CEO, McAfee Enterprise SSE Portfolio

Gartner Disclaimer: Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from McAfee.
Gartner and Magic Quadrant are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.
Gartner “Magic Quadrant for Security Service Edge” (SSE), John Watts, Craig Lawson, Charlie Winckless, Aaron McQuaid, 15 February 2022
Gartner “Critical capabilities for Security Service Edge” (SSE), John Watts, Craig Lawson, Charlie Winckless, Aaron McQuaid, 15 February 2022

As of 28 January 2022, McAfee Enterprise is now the McAfee Enterprise SSE Portfolio.

The post McAfee Enterprise SSE: Named a Leader In 2022 Gartner Magic Quadrant for SSE appeared first on McAfee Blog.

Multiple Vulnerabilities in Adobe Commerce and Magento Could Allow for Remote Code Execution

Multiple vulnerabilities have been discovered in Adobe Commerce and Magento Open Source, the most severe of which could allow for remote code execution.

Adobe Commerce is a leading provider of cloud commerce innovation to merchants and brands across B2C and B2B industries.
Magento is a web-based e-commerce application written in PHP.
Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Dangerous privilege escalation bugs found in Linux package manager Snap

Researchers found an easy-to-exploit vulnerability in Snap, a universal application packaging and distribution system developed for Ubuntu but available on multiple Linux distributions. The flaw allows a low-privileged user to execute malicious code as root, the highest administrative account on Linux.

The vulnerability, tracked as CVE-2021-44731, is part of a series of flaws that researchers from security firm Qualys found in various Linux components while investigating the security of Snap. This latest one, along with a separate issue tracked as CVE-2021-44730, are in snap-confine, the tool responsible for setting up Snap application sandboxes.
