Rapid7 has disclosed two vulnerabilities as outlined below.
- The first vulnerability is a cross-site scripting vulnerability the team discovered in ManageEngine OpUtils, an enterprise switch port and IP address management system. This vulnerability allows a malicious actor to conduct attacks which can be used to modify the systems configuration, compromise data, take control of the product or launch attacks against the authenticated user’s hosts system.
- The second vulnerability deals with serial servers exposed on the internet, which are manufactured by Moxa. In 2013, Rapid7 reported about serial servers connected to the internet and security implications. The same issues that were reported then are also applicable for these devices – the team found a lack of authentication and encryption on these devices, which makes it possible for attackers to eavesdrop on the communication.
Please also see blog posts below detailing the vulnerabilities.
[su_box title=”About Rapid7″ style=”noise” box_color=”#336588″][short_info id=”60232″ desc=”true” all=”false”][/su_box]
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
Recent Comments
Chat systems such as Slack and Teams need to be…
“This is a sophisticated phishing scam that will catch out…
“Cybersecurity is increasingly complex, in part, due to the interconnected…
“Unfortunately, time and time again we see NGOs, hospitals and…
As I have always said - it is verified trust…