Remove 2018 Remove Authentication Remove Security Defenses
article thumbnail

Weekly Vulnerability Recap – October 30, 2023 – Citrix & Cisco Haunted by Vulnerabilities

eSecurity Planet

The problem: Unpatched Citrix NetScaler ADC and Gateway appliances allow attackers to retrieve authentication session cookies and other information stored in buffers. allow for authentication bypass and gain root access to systems. account”) failed to verify secret tokens received for authentication before making API requests.

article thumbnail

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

To remedy this vulnerability, Adobe recommends installing Update 16 for ColdFusion 2018 and Update 6 for ColdFusion 2021. OpenFire vulnerability persists Open-source chat server OpenFire has been affected by an authentication bypass vulnerability (CVE-2023-32315) since May. The security bulletin was last updated August 25.

VPN 98
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

What Is API Security? Definition, Fundamentals, & Tips

eSecurity Planet

Apps are protected from unauthorized access, data breaches, and other unwanted actions thanks to proactive defenses that prevent and mitigate vulnerabilities, misconfigurations, and other security weaknesses. Integration with continuous development and integration (CI/CD) processes is also important to speed and track security fixes.

article thumbnail

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

To remedy this vulnerability, Adobe recommends installing Update 16 for ColdFusion 2018 and Update 6 for ColdFusion 2021. OpenFire vulnerability persists Open-source chat server OpenFire has been affected by an authentication bypass vulnerability (CVE-2023-32315) since May. The security bulletin was last updated August 25.

VPN 95
article thumbnail

Vulnerability Recap 6/10/24 – RCE Attacks in Major Platforms

eSecurity Planet

The exploit combines an authentication bypass ( CVE-2024-4358 ) with a deserialization issue ( CVE-2024-1800 ). The authentication bypass permits the establishment of rogue admin accounts, but the deserialization flaw allows remote code execution, potentially giving attackers complete control over the affected servers.

Malware 80
article thumbnail

Weekly Vulnerability Recap – August 14, 2023 – Old or New, Vulnerabilities Need Management

eSecurity Planet

Cybersecurity and Infrastructure Security Agency (CISA) recently published an analysis of the top 12 vulnerabilities exploited in 2022. Seven of these vulnerabilities were discovered between 2018 and 2021 and remained unpatched! Email Address By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy.

article thumbnail

What Is Cross-Site Scripting (XSS)? Types, Risks & Prevention

eSecurity Planet

If your web pages are redirecting improperly or a seemingly authenticated user suddenly starts making odd changes within a privileged web app, that’s your cue to look more closely at the web page’s code. In 2018, British Airways was attacked by a group of hackers that used an XSS vulnerability in a JavaScript library.

Risk 104