SANTA CLARA, Calif., Aug 3, 2023 – NSFOCUS, a global provider of intelligent hybrid security solutions, today announced the general availability of NSFOCUS Intelligent Security Operations Platform (ISOP), an innovative security analytics and intelligent operations platform that can streamline the security analyst experience, rejuvenate threat response efficiency and improve security...
Category: Blog
QNAP Multiple Vulnerabilities Notification
Overview Recently, NSFOCUS CERT monitored that QNAP officially released the QVPN code execution vulnerability and QANP denial-of-service vulnerability. Affected users should take protective measures as soon as possible. VPN Code Execution Vulnerability (CVS 2022-27595): There is a code execution vulnerability in the Windows version of the QVPN client, which can...
Metabase Remote Code Execution Vulnerability (CVS 2023-38646) Notification
Overview Recently, NSFOCUS CERT detected a remote code execution vulnerability in Metabase (CVE-2023-38646). Unauthenticated attackers can successfully exploit this vulnerability to execute arbitrary commands with Metabase server privileges on the target server. Affected users should take protective measures as soon as possible. Reference link: https://www.metabase.com/blog/security-advisory Scope of Impact Affected version...
NSFOCUS Tops China’s Hardware WAF Market for Four Consecutive Years
IDC released the market share research report on China's hardware WAF market share recently. NSFOCUS ranks first with a market share of 11.9%, leading the WAF market in China for four consecutive years from 2019 to 2022. NSFOCUS's next-generation WAF has been selected by more than 5,000 organizations and has...
Innovative Access Control Approach Published in IEEE Transactions on Systems, Man, and Cybernetics: Systems
NSFOCUS Security Labs recently collaborated with the research team from the School of Computer Science at China University of Geosciences (Wuhan) on a research paper titled "Computable Access Control: Embedding Access Control Rules into Euclidean Space". This paper has been officially accepted and published online by the prestigious international journal...
Spring Security Identity Authentication Bypass Vulnerability (CVS 2023-34034)
Overview Recently, NSFOCUS CERT monitored Spring's official security announcement and disclosed an identity bypass vulnerability in Spring Security. Using '**' as the pattern in the Spring Security configuration of WebFlux can cause a pattern mismatch between Spring Security and Spring WebFlux, and may result in identity authentication bypass. CVSS score...
