Malware Devil

Wednesday, March 3, 2021

CISA to Federal Agencies: Immediately Patch or ‘Disconnect’ Microsoft Exchange Servers


Dark Reading - Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database
CVE-2021-21312
PUBLISHED: 2021-03-03

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before version 9.5.4, there is a vulnerability within the document upload function (Home > Management > Documents > Add, or /front/documen…

CVE-2021-21313
PUBLISHED: 2021-03-03

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before version 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at least two parameters _target and id are not proper…

CVE-2021-21314
PUBLISHED: 2021-03-03

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before version 9.5.4, there is an XSS vulnerability involving a logged-in user while updating a ticket.

CVE-2021-27931
PUBLISHED: 2021-03-03

LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.

CVE-2021-27935
PUBLISHED: 2021-03-03

An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user’s cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie.

The post CISA to Federal Agencies: Immediately Patch or ‘Disconnect’ Microsoft Exchange Servers appeared first on Malware Devil.



https://malwaredevil.com/2021/03/03/cisa-to-federal-agencies-immediately-patch-or-disconnect-microsoft-exchange-servers/?utm_source=rss&utm_medium=rss&utm_campaign=cisa-to-federal-agencies-immediately-patch-or-disconnect-microsoft-exchange-servers
