It’s not just the breach, it’s the speed of the breach response…
I’ve been chatting about this in some of my recent weekly videos and I thought it was finally time to sit down and write the blog post. So, this is a blog post about a book…
OpenIAM before 22.214.171.124 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions.
Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.11.1 allows stored XSS.
OpenIAM before 126.96.36.199 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions.
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges and knowledge of the XML file’s encryption key to successfully exploit. All versions before 7.11 are affected.
The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server’s certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-middle attack. All versions before 7.11.1 are affected. Agents for Windows and Cloud are not affected.
OpenIAM before 188.8.131.52 allows remote attackers to execute arbitrary code via Groovy Script.
OpenIAM before 184.108.40.206 allows Directory Traversal in the Batch task.
OpenIAM before 220.127.116.11 allows XSS in the Add New User feature.