Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of August 22 - 28. Sign up to get these updates right to your inbox!

AUGUST 27, 2021

Microsoft

Microsoft released guidance for Azure Cosmos DB after a misconfiguration was fixed in the Azure cloud. The guidance explains how to roll and regenerate certificate keys and how to secure access to data in Azure Cosmos DB.

Sources: docs.microsoft.com

Cacti

There are multiple cross-site scripting vulnerabilities in Cacti 1.2.12. The affected files are reports_admin.php, data_queries.php, datat.ph_inpup, graph_templates.php, graphs.php, reports_admin.php and data_input.php.

Sources: nvd.nist.gov

IBM

IBM Maximo Asset Management 7.6.0 and 7.6.1 are vulnerable to cross-site scripting. This vulnerability could lead to disclosure of private credentials.

Sources: nvd.nist.gov

AUGUST 26, 2021

Cisco

Cisco released security updates for multiple products that addressed vulnerabilities that could allow a threat actor to take control of an affected system. The products include Cisco Application Policy Infrastructure Controller Arbitrary File, BlackBerry QNX-2021-001, Cisco NX-OS Software VXLAN OAM (NGOAM), Cisco NX-OS Software MPLS OAM, Cisco Nexus 9000 Series Fabric Switches ACI Mode Multi-Pod and Multi-Site TCP, Cisco Nexus 9000 Series Fabric Switches ACI Mode Queue Wedge, Cisco Application Policy Infrastructure Controller and Cisco Application Policy Infrastructure Controller App.

Sources: tools.cisco.com

OpenZeppelin

OpenZeppelin has vulnerabilities that affect certain versions of TimelockController and could allow an attacker to escalate privileges.

Sources: github.com

AUGUST 25, 2021

VMware

VMware released security updates for multiple products to prevent an attacker from being able to take control of an affected system.

Sources: vmware.com

OpenSSL

OpenSSL released a security update for version 1.1.1k to address vulnerabilities that could lead to a denial-of-service condition.

Sources: openssl.org

F5

F5 released a security advisory for multiple versions of BIG-IP and BIG-IQ.

Sources: support.f5.com

AUGUST 24, 2021

CISA

CISA released five Pulse Secure-related Malware Analysis Reports (MARs).

Sources: us-cert.cisa.gov
