Browse By Tags

  • Cell Request Service protocol documentation

    Hello OpenText community, I am currently working on providing comprehensive coverage of the old Data Protector Buffer Overflow vulnerabilities, specifically CVE 2013-2324 to CVE 2013-2334, for some Intrusion Prevention System. These vulnerabilities…
  • HP Data Protector 'EXEC_INTEGUTIL' Arbitrary Command Execution

    hp data protector 'exec_integutil' command execution - vulnerability Microsoft Windows Server 2016 Standard
  • APM 9.51 - CVE-2020-1938

    We are running APM 9.51 and were alerted by our vulnerability management team that the catalina.jar could have exposure to the "GhostCat" vulnerability laid out in CVE-2020-1938. I have found references to CVE-2020-1938 for OBM but nothing for APM. …
  • Creating a DcSync Detection rule

    I'm working on a rule to detect DcSync Attacks, I did The Following: External ID = 4662 Target Username Not Endswith $ device vendor include Microsoft original agent type = winc but i found other values on the internet which i have to include…
  • Log4J Vulnerability in Silk Central 20.6

    We have the vulnerabilities in Silk Central 20.6 (CVE-2021-44228, CVE-2021-45105, CVE-2021-44832, CVE-2021-45046) and we need to fix them. What action do we need to take to resolve them?
  • Vulnerability - TLS Version 1.0 Protocol Detection detected on ALM Application Server on Port 2121

    Hi, Recieved the below vulnerability on port 2121 for application server. Below are the details severity ->high hostname -> A.B.C.D port -> 2121 protocol -> TCP Infrastructure Detail -> ALM 15 App Server name -> TLS Version 1.0 Protocol Detection…
  • How to update the log4j and struts2-core-2.5.20.jar files in APLS 10.9.0?

    Hi, We are using AutoPass License Server APLS 10.9.0 with different UFT versions. Critical Vulnerabilties have been detected for the following files: E:\Program Files\AutoPass\apls\apls\webapps\autopass\WEB-INF\lib\log4j-1.2.15.jar E:\Program…
  • Steps for changing Java Amazon Corretto version 1.8.0_282 to Java 1.8.0_321 ( build 8.342.07.1 or later) on ALM app server

    Hi , We are on ALM 15.5 Patch 1. Application Server OS is Windows Server 2016. In an application vulnerability scan that was recently conducted , it was identified that application has been installed and configured with Java Amazon Corretto version…
  • NAM Admin Console access missing basic security controls of Multi-Factor authentication for itself

    While NAM allows for MFA within the end-user experience for reverse proxied websites as well as SAML/OAuth federations, the very administrative interface of NAM offers nothing but simple username + password. For a security company, Micro Focus / NetIQ…
  • Summary of CyberRes impact from Spring4Shell

    ***Indicates where an update has occurred As we recently discussed at Micro Focus Universe , the software industry is still early in our collective adoption of mature software supply chain controls. This latest CVE reinforces the need for organizations…
  • Spring4shell: Another reminder of the importance of understanding and knowing what’s in your software supply chain

    Earlier this week, discussions began circulating about a new remote code execution flaw that affects Spring Framework. This vulnerability, which many are now calling "Spring4Shell" in the community, is a previously unknown security vulnerability which…
  • Are Micro Focus ITOM products affected by the CVE-2022-22965 Spring4Shell vulnerability?

    Can anyone from Micro Focus address this? According to information provided by our Security team, the prerequisites for the exploit are: JDK 9 or higher in place Apache Tomcat as the Servlet container Packaged as WAR spring-webmvc or spring…
  • Detect Log4Shell with Fortify WebInspect

    As part of our efforts at CyberRes to address the Log4j vulnerability , we are continuing to analyze this remote code execution vulnerability and address it. As you know, Log4j burst onto the scene last month and now Open Source Software is in the headlines…
  • Reimagining Cyber Podcast: Log4j vulnerability provides harsh lessons in unknown dependencies

    On 8 December 2020, FireEye announced they were a victim to a nation-state attack and several days later they discovered evidence that attackers had a backdoor in SolarWinds software and dubbed the attack as “ SUNBURST ”. Almost a year later to the…
  • Fortify Response to Log4j (CVE-2021-44228)

    A high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j tool used in many Java-based applications was disclosed publicly on December 9, 2021. This vulnerability is also known as the Log4shell/Logjam vulnerability…
  • ArcSight Response to Log4j (CVE-2021-44228)—targeting Cyber Attacks

    A high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j tool used in many Java-based applications was disclosed publicly on December 9, 2021. This vulnerability is also known as the Log4shell/Logjam vulnerability…
  • Summary of CyberRes impact from Log4J or Log4shell/LogJam (CVE-2021-44228) | Summary of Cyberres impacted by Denial of Service (DOS) (CVE-2021-45046) | Summary of Cyberres impacted by DOS (CVE-2021-45105)

    Last Updated: April 26, 2022 8:35 am MST ***Indicates where an update has occurred Micro Focus is continuing to analyze the remote code execution vulnerability of ( CVE-2021-44228 , CVE-2021-46046 ), and the Denial Of Service ( CVE-2021-45105 ) that…
  • Impact of log4j (CVE-2021-44228) incident on UFT One 2021

    Hello! Can anybody tell me if there is an impact on UFT regarding the log4j incident? I've found different log4j jar files in the installation folder of UFT? Best regards Chris
  • cve 2021-44228 log4j remediation

    Any word on whether PVCS version manager 8.6.2 is affected
  • Accurev Log4J vulnerability

    We have identified log4J being used with accurev. Need to understand how to turn off log4j if it is using internally. We have service tomcat, db, server and mosquito server running
  • Anyone know what MicroFocus' response is to the Log4j vulnerability?

    CVE-2021-44228: Proof-of-Concept for Critical Apache Log4j Remote Code Execution Vulnerability Available (Log4Shell) Anyone know what MicroFocus' response is to the Log4j vulnerability? What is the mitigation solution? Does it affecting OMi, OBR…
  • To Get a 360 Degree View of Application Risks, Open Source Software Must Be Considered

    I’ve been a Star Trek fan all my life. It was a thrill last week to see a 90-year old William Shatner launched into space , if only briefly, on a Blue Origin rocket. After landing back on Earth in the New Shepard capsule in West Texas, Shatner told Bezos…
  • How to integrate OpenVAS vulnerability scanner and ArcSight?

    Hi geeks, In a SOC, the OpenVas tool is used as a vulnerability monitoring system. While their SIEM is ArcSight. Today I have to configure OpenVAS send the scan results to the SIEM. But there seems to be no official Smart Connector for Greenbone OpenVAS…
  • Arcsight (Centos) vulnerabilities

    Hello, Rapid7 showing me a lot of vulnerabilities mostly Java CPU. Can I install Java 8 Update 301 on system without interfering with ArcSight ESM installed on ?
  • MAG Protection Against SQL Injection

    Hi, at the moment we do not have any protection n MAG to protect against SQL Injections. The idea is to have an Adv.Option that implement this protection, since, as far as I can see, the module is already present in Apache. https://httpd.apache…