Category Archives: Advisories

CVE-2020-4970

Read Time:17 Second

IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 192429.

Read More

CVE-2021-26630

Read Time:12 Second

Improper input validation vulnerability in HANDY Groupware’s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable function.

Read More

CVE-2021-26631

Read Time:12 Second

Improper input validation vulnerability in Mangboard commerce package could lead to occur for abnormal request. A remote attacker can exploit this vulnerability to manipulate the total order amount into a negative number and then pay for the order.

Read More

USN-5424-2: OpenLDAP vulnerability

Read Time:19 Second

USN-5424-1 fixed a vulnerability in OpenLDAP. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that OpenLDAP incorrectly handled certain SQL statements
within LDAP queries in the experimental back-sql backend. A remote attacker
could possibly use this issue to perform an SQL injection attack and alter
the database.

Read More

DSA-5140 openldap – security update

Read Time:14 Second

Jacek Konieczny discovered a SQL injection vulnerability in the back-sql
backend to slapd in OpenLDAP, a free implementation of the Lightweight
Directory Access Protocol, allowing an attacker to alter the database
during an LDAP search operation when a specially crafted search filter
is processed.

Read More

A Vulnerability in VMware Products Could Allow for Authentication Bypass

Read Time:44 Second

Multiple vulnerabilities have been discovered in VMware Products, the most severe of which could result in Authentication Bypass.

VMware Workspace ONE Access is an access control application for Workspace ONE.
VMware Identity Manager is the identity and access management component of Workspace ONE.
vRealize Automationi is a management platform for automating the delivery of container-based applications.
VMware Cloud Foundation is a hybrid cloud platform that provides a set of software-defined services for compute, storage, networking, security and cloud management to run enterprise apps.
vRealize Suite Lifecycle Manager allows for complete lifecycle and content management capabilities for vRealize Suite products.
Successful exploitation of the most severe of these vulnerabilities could result in Authentication Bypass. A malicious actor may be able to obtain administrative access. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.

Read More