Information Disclosure Issue in Verodin Director version 3.5.3.1 and earlier

Overview :
This advisory addresses a Information Disclosure vulnerability in Verodin Director affecting version 3.5.3.1 and earlier where an attacker can reveal usernames and passwords of integrated security technologies via a /integrations.json JSON REST API request.
Affected Product(s) :
  • Verodin Director version 3.5.3.1 and earlier
Vulnerability Details :
CVE ID : CVE-2019-10716
An attacker must have an existing authenticated connection to the Director (web interface) of Verodin and make a HTTP GET request to the /integrations.json JSON REST API endpoint.

Disclosure of usernames and passwords that integrations use to contact the security technologies.

Solution :
This vulnerability is mitigated by the requirement that the attacker must be authenticated with the Verodin Director (web interface).

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-34066 : TEXERCISE UP TO 0.0.12 ON PYTHON BACKDOOR

CVE-2022-34066 : TEXERCISE UP TO 0.0.12 ON PYTHON BACKDOOR

Description The Texercise package in PyPI v0.0.1 to v0.0.12 was discovered to contain a code execution backdoor. This vulnerability allows

CVE-2022-32405 : SOURCECODESTER PRISON MANAGEMENT SYSTEM 1.0 VIEW_PRISON.PHP ID SQL INJECTION

CVE-2022-32405 : SOURCECODESTER PRISON MANAGEMENT SYSTEM 1.0 VIEW_PRISON.PHP ID SQL INJECTION

Description Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/prisons/view_prison.php:4 References

CVE-2022-20651 : CISCO ADAPTIVE SECURITY DEVICE MANAGER LOG FILE

CVE-2022-20651 : CISCO ADAPTIVE SECURITY DEVICE MANAGER LOG FILE

Description A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker