Rapid7 has disclosed two vulnerabilities as outlined below.
- The first vulnerability is a cross-site scripting vulnerability the team discovered in ManageEngine OpUtils, an enterprise switch port and IP address management system. This vulnerability allows a malicious actor to conduct attacks which can be used to modify the systems configuration, compromise data, take control of the product or launch attacks against the authenticated user’s hosts system.
- The second vulnerability deals with serial servers exposed on the internet, which are manufactured by Moxa. In 2013, Rapid7 reported about serial servers connected to the internet and security implications. The same issues that were reported then are also applicable for these devices – the team found a lack of authentication and encryption on these devices, which makes it possible for attackers to eavesdrop on the communication.
Please also see blog posts below detailing the vulnerabilities.
[su_box title=”About Rapid7″ style=”noise” box_color=”#336588″][short_info id=”60232″ desc=”true” all=”false”][/su_box]
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…