March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Advisory – ICS: Philips Tasy EMR Vulnerabilities
November 5, 2021
Rewterz Threat Advisory – CVE-2021-29753 – IBM Business Automation Workflow
November 8, 2021
Rewterz Threat Advisory – ICS: Philips Tasy EMR Vulnerabilities
November 5, 2021
Rewterz Threat Advisory – CVE-2021-29753 – IBM Business Automation Workflow
November 8, 2021
Severity
High
Analysis Summary
CVE-2021-95907
The affected product is vulnerable to improper access control via the web-remote endpoint, which may allow an unauthenticated user viewing access to folders and files in the directory listing.
CVE-2021-42535
The affected product does not neutralize or incorrectly neutralizes user-controllable input before the data is placed in output used as a public-facing webpage.
CVE-2021-42537
The affected software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
CVE-2021-34803: CVE-2020-13699: CVE-2019-18988: CVE-2018-16550: CVE-2018-14333: CVE-2005-2475
The affected product relies on third-party components that are not actively supported or maintained by the original developer or a trusted proxy. The following CVEs are associated with this product.
Impact
- Cross-Site Scripting
- Unauthorized Access
- Exposure of Sensitive Data
Affected Vendors
- VISAM
Affected Products
- VBASE Pro-RT/ Server-RT (Web Remote): Version 11.6.0.6
Remediation
Refer to CISA Advisory for the patch, upgrade, or suggested workaround information.