Overview Cisco has released a security advisory, announcing the existence of a REST API authentication bypass vulnerability (CVE-2019-1867) in Cisco Elastic Services Controller (ESC). This vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A...
Categoria: Emergency Response
Microsoft’s Security Patches for May Fix 82 Security Vulnerabilities Threat Alert
Overview Microsoft released May 2019 security patches on Tuesday that fix 82 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Core, .NET Framework, Adobe Flash Player, Azure, Internet Explorer, Kerberos, Microsoft Browsers, Microsoft Dynamics, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine,...
Oracle WebLogic Server Deserialization Remote Code Execution Vulnerability Threat Alert
1 Vulnerability Overview On April 17, China National Vulnerability Database (CNVD) published details of a remote code execution vulnerability in Oracle WebLogic Server. Specifically, this vulnerability exists in the wls9_async_response.war component that comes with Oracle WebLogic Server as this component fails to properly deserialize the input information. An unauthorized attacker...
Cisco IOS XR 64-Bit Critical Vulnerability (CVE-2019-1710) Threat Alert
Overview Cisco has released a security advisory to announce the fix of a vulnerability (CVE-2019-1710) in Cisco IOS XR 64-bit Software running on Cisco ASR 9000 Series Aggregation Services Routers. This vulnerability is the result of incorrect isolation of the secondary management interface from internal sysadmin applications. An unauthenticated attacker...
Oracle April 2019 Critical Patch Update for All Product Families Threat Alert
Overview On April 16, 2019, local time, Oracle released its security advisory of the Critical Patch Update (CPU) for the second quarter. The CPU fixes 297 vulnerabilities of varying severity levels across the product families. For details about affected products and available patches, visit the following link: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html (mais…)
Cisco Common Service Platform Collector Default Password Vulnerability (CVE-2019-1723) Threat Alert
Overview Cisco officially released a security advisory, announcing the fix of a vulnerability (CVE-2019-1723) existing in the Cisco Common Service Platform Collector (CSPC). This vulnerability exists because the affected software has a default account with a fixed password. An attacker could exploit this vulnerability to remotely access an affected device...
