8 Security Tools to be Unveiled at Black Hat USA

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

PUBLISHED: 2021-07-28

This affects all versions of the package curly-bracket-parser.
When used as a template library, it does not properly sanitize the user input.

PUBLISHED: 2021-07-28

All versions of the package deepmergefn are vulnerable to Prototype Pollution via the deepMerge function.

PUBLISHED: 2021-07-28

This affects the package elFinder.AspNet before 1.1.1.
The user-controlled file name is not properly sanitized before it is used to create a file system path.

PUBLISHED: 2021-07-28

IBM Jazz Foundation products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.

PUBLISHED: 2021-07-28

IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957.
