Rewterz Threat Advisory – CVE-2021-43561 – Google for Jobs extension for TYPO3
November 12, 2021Rewterz Threat Advisory – CVE-2021-31853 – McAfee Drive Encryption (MDE)
November 12, 2021Rewterz Threat Advisory – CVE-2021-43561 – Google for Jobs extension for TYPO3
November 12, 2021Rewterz Threat Advisory – CVE-2021-31853 – McAfee Drive Encryption (MDE)
November 12, 2021Severity
Medium
Analysis Summary
CVE-2020-4140
IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2020-4146
IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing ‘HttpOnly’ flag. A remote attacker could exploit this vulnerability to obtain sensitive information.
Impact
- Cross-Site Scripting
- Information Disclosure
Affected Vendors
IBM
Affected Products
- IBM Security SiteProtector System 3.1.1
Remediation
Refer to IBM Security Bulletin for patch, upgrade, or suggested workaround information.
CVE-2020-4140
CVE-2020-4146