Aggregator

CVE-2007-3594 | AdventNet Manageengine Netflow Analyzer 7 traceroute ping.do searchTerm cross site scripting (EDB-30275 / XFDB-35263)

Vuldb Updates
5 months 1 week ago
A vulnerability was found in AdventNet Manageengine Netflow Analyzer 7. It has been classified as problematic. This affects an unknown part of the file ping.do of the component traceroute. The manipulation of the argument searchTerm leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2007-3594. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CISA Adds One Known Exploited Vulnerability to Catalog

CISA News
5 months 1 week ago

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2024-51378 CyberPanel Incorrect Default Permissions Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA

CISA Releases New Public Version of CDM Data Model Document

CISA News
5 months 1 week ago

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released an updated public version of the Continuous Diagnostics and Mitigation (CDM) Data Model Document. Version 5.0.1 aligns with fiscal year 2023 Federal Information Security Modernization Act (FISMA) metrics.

The CDM Data Model Document provides a comprehensive description of a common data schema to ensure that prescribed diagnostic activities within CDM solutions are consistent across all participating federal agencies. Agencies leverage the common data schema to accomplish these critical objectives: 

  • Reduce agency threat surface.
  • Increase visibility into the federal cybersecurity posture.
  • Improve federal cybersecurity response capabilities.
  • Streamline FISMA reporting.

Vendors also can benefit from the CDM Data Model Document.

For additional information, visit the Continuous Diagnostics and Mitigation (CDM) Program web page.

CISA

Managed ad