Rewterz

Rewterz Threat Advisory – Apache SkyWalking SQL injection

August 7, 2020
Rewterz

Rewterz Threat Advisory – CVE-2020-3411 – Cisco DNA Center Information Disclosure Vulnerability

August 7, 2020

Rewterz Threat Advisory – CVE-2020-3472 – Cisco Webex Meetings User Email Address Information Disclosure Vulnerability

Severity

Medium

Analysis Summary

The vulnerability is due to improper access restrictions on users who are added within user contacts. An attacker on one Webex Meetings site could exploit this vulnerability by sending specially crafted requests to the Webex Meetings site. A successful exploit could allow the attacker to view the details of users on another Webex site, including user names and email addresses.

Impact

Information Disclosure

Affected Vendors

Cisco

Affected Products

Cisco Webex

Remediation

Refer to Cisco advisory for the list of complete list of affected products and their respective patches.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-mAkmV4qc

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.