CVE-2022-43570 - Exploiting Splunk Enterprise – How XXE Injection Lets Attackers Leak Data
Splunk Enterprise is one of the most popular platforms for searching, monitoring, and analyzing machine-generated big data. But sometimes, security vulnerabilities pop up even in
CVE-2022-3340: XML External Entity (XXE) Vulnerability in Trellix IPS Manager Results in Admin Interface Exploitation
A newly discovered vulnerability, CVE-2022-3340, has been identified in the Trellix IPS Manager versions prior to 10.1 M8. The critical bug occurs due to
CVE-2022-42745 - How XXE Bugs in CandidATS 3.. Allow Hackers to Steal Any File
CandidATS is an open source applicant tracking system, often used by businesses to manage resumes and job applications. In version 3.., though, a serious security
CVE-2022-40747 IBM InfoSphere Information Server is vulnerable to an XML External Entity Injection attack. An attacker could exploit this to reveal sensitive information or consume memory resources.
Information on possible vectors of attack and fixes can be found here. CVE-2018-3092
CVE-2022-43353 The system was found to have a SQL injection vulnerability. The id parameter was vulnerable.
Reportedly, if an attacker sends a request with an arbitrary id value, they can execute SQL commands to get administrator privileges. With this flaw, an