Vulnerability Management
Blog Archive Tag
Vulnerability Management
-
Accepting Penetration Test Risks & How Compensating Controls Can Help
By Tim Semchenko Tim Semchenko discusses documenting acceptance of risks and implementing compensating controls as options when pentest findings cannot be fixed immediately. December 17, 2024 -
RAXIS THREAT ALERT: VULNERABILITY IN OPENSSL v3.0.x
By Brad Herring In the cyberworld, news of a critical vulnerability affecting OpenSSL versions 3.0 – 3.0.6 will likely be the scariest part of Halloween ’22. October 31, 2022 -
CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection
By Raxis Research Team This CSS vulnerability, discovered by Raxis’ Matt Mathur, lies in a device’s properties and how they are verified and displayed within PRTG Network Monitor. October 21, 2022 -
CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References
By Raxis Research Team Raxis lead penetration tester Matt Dunn uncovers two more ManageEngine vulnerabilities (CVE-2022-26653 & CVE-2022-26777). July 21, 2022 -
CVE-2022-25245: ManageEngine Asset Explorer Information Leakage
By Raxis Research Team Raxis lead penetration tester Matt Dunn discovers an information leakage vulnerability in ManageEngine’s Asset Explorer CVE-2022-25245 June 7, 2022 -
CVE-2022-24681: ManageEngine AD SelfService Plus Stored Cross-Site Scripting (XSS)
By Raxis Research Team Raxis’ Matt Dunn continues his prolific discovery of new CSS CVEs. This one affects ManageEngine AD SelfService Plus Stored Cross-Site Scripting. May 17, 2022
