CVE-2022-3340: XML External Entity (XXE) Vulnerability in Trellix IPS Manager Results in Admin Interface Exploitation
A newly discovered vulnerability, CVE-2022-3340, has been identified in the Trellix IPS Manager versions prior to 10.1 M8. The critical bug occurs due to
CVE-2022-42745 - How XXE Bugs in CandidATS 3.. Allow Hackers to Steal Any File
CandidATS is an open source applicant tracking system, often used by businesses to manage resumes and job applications. In version 3.., though, a serious security
CVE-2022-40747 IBM InfoSphere Information Server is vulnerable to an XML External Entity Injection attack. An attacker could exploit this to reveal sensitive information or consume memory resources.
Information on possible vectors of attack and fixes can be found here.
CVE-2018-3092
CVE-2022-43353 The system was found to have a SQL injection vulnerability. The id parameter was vulnerable.
Reportedly, if an attacker sends a request with an arbitrary id value, they can execute SQL commands to get administrator privileges. With this flaw, an
CVE-2022-31678 - Breaking Down the VMware Cloud Foundation NSX-V XXE Vulnerability
In late 2022, VMware disclosed a notable security flaw: CVE-2022-31678. This vulnerability affects VMware Cloud Foundation systems running the NSX for vSphere (NSX-V) network virtualization