Overview Recently, NSFOCUS CERT found that Spring officially issued a security notice, which fixed a Spring Boot authentication bypass vulnerability (CVE-2023-20873). When Spring Boot is deployed to Cloud Foundry and there is code/cloudFoundryapplication/* * that can handle matching requests, and used in conjunction with a catch all request mapping that...
Blog
Communication Port Between ADS M & Portal
Scenario Integrate Portal on the External Network with ADS M on the Internal Network. Required Ports The Portal has a dedicated public IP address. ADS M intranet uses a single public egress IP for external connectivity, and any access to the public network must go through this IP. To establish...
Apache Druid Remote Code Execution Vulnerability Notice
Overview Recently, NSFOCUS CERT found that an Apache Druid remote code execution vulnerability was publicly disclosed online. Under default configuration, Apache Druid supports loading data from Kafka. Unauthenticated remote attackers can implement JNDI injection attacks by modifying Kafka connection configuration properties, ultimately leading to the execution of arbitrary code on...
Google Chrome Skia Integer Overflow Vulnerability (CVS 2023-2136) Notice
Overview Recently, NSFOCUS CERT found that Google officially fixed an integer overflow vulnerability in Chrome Skia (CVE-2023-2136). Due to a flaw in Skia, when the value exceeds the maximum limit of integer type due to arithmetic operations, an integer overflow will occur. The attacker triggers this vulnerability by inducing users...
Who Will Be the Winner? – Top 10 Finalists at RSAC 2023 Innovation Sandbox at a Glance
RSAC Innovation Sandbox contest 2023 will be held on April 24th at Moscone South, San Francisco. As the "Oscar of Cybersecurity," the RSAC Innovation Sandbox contest is highly anticipated every year. Let’s take a look at the top 10 finalists this year.  Figure 1 The 2023 Top 10 Finalists...
Looking Forward to Seeing You at RSAC 2023
Moscone Center, South Hall, Booth # 4301 - San Francisco, CA, United States We are exhibiting at RSA Conference 2023. This is a great opportunity for you to network with cybersecurity’s forward-thinking global community and explore innovative, new technology. Connect with NSFOCUS executives and security experts to discuss how to manage unexpected risks...
