RSS   Vulnerabilities for 'Securewatch managed services'   RSS

2021-08-06
 
CVE-2021-38136

CWE-22
 

 
Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path Traversal vulnerability via the snap_file parameter in the /it-IT/splunkd/__raw/services/get_snapshot HTTP API endpoint. A �??low privileged�?? attacker can read any file on the target host.

 
 
CVE-2021-38137

CWE-287
 

 
Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor user�??s privileges, allowing a user to perform actions not belonging to his role.

 


Copyright 2024, cxsecurity.com

 

Back to Top