Rewterz Threat Alert – Mispadu Banking Trojan Resurfaces

September 24, 2020

Rewterz Threat Alert – MoDi RAT Spreading Via Email

September 25, 2020

Rewterz Threat Advisory – Multiple vulnerabilities in IBM Security Secret Server

September 24, 2020

Severity

Low

Analysis Summary

CVE-2020-4340

IBM Security Secret Server could allow a remote attacker to bypass security restrictions, caused by improper input validation.

CVE-2019-11358

jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to execute script in a victim’s Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2019-14862

Knockout is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

Impact

Security bypass
Cross-site scripting
Cookie theft

Affected Vendors

IBM

Affected Products

IBM Security Secret Server 10.8

Remediation

Refer to IBM Security Bulletin 6336361 for patch, upgrade or suggested workaround information.

https://www.ibm.com/support/pages/node/6336361

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Critical PHP RCE Vulnerability Under Mass Exploitation in New Attacks

Multiple Adobe Products Vulnerabilities

Apple WebKit Zero-Day Actively Exploited in High-Profile Cyber Attacks

Threat Insights

About Us

Our Leadership

CSR

Connect with Us