Jose Castro Almeida

#12873de 53,640
20.8CVSS total
Vulnerabilidades · 3
Média
1
Alta
2
PT-2020-17759
5.5
2020-02-27
Apple · Macos Catalina · CVE-2020-3866
**Nome do software vulnerável e versões afetadas** Versões do macOS Catalina anteriores à 10.15.3 **Descrição** A vulnerabilidade permite que um invasor contorne o Gatekeeper ao procurar e abrir um arquivo a partir de uma montagem NFS controlada por ele. Isso foi corrigido com verificações adicionais do Gatekeeper em arquivos montados por meio de um compartilhamento de rede. **Recomendações** Para versões do macOS Catalina anteriores à 10.15.3, atualize para o macOS Catalina 10.15.3 para resolver o problema. Como solução alternativa temporária, considere restringir o acesso a montagens NFS de fontes não confiáveis para minimizar o risco de exploração.
PT-2019-17081
8.2
2019-08-20
Ibm · Ibm Infosphere Identity Insight · CVE-2019-4433
**Name of the Vulnerable Software and Affected Versions** IBM InfoSphere Global Name Management versions 5.0 through 6.0 IBM InfoSphere Identity Insight versions 8.1 through 9.0 **Description** The issue allows a remote attacker to exploit an XML External Entity Injection (XXE) attack when processing XML data, potentially exposing sensitive information or consuming memory resources. **Recommendations** For IBM InfoSphere Global Name Management versions 5.0 through 6.0, update to a version that includes a fix for the XML External Entity Injection (XXE) attack. For IBM InfoSphere Identity Insight versions 8.1 through 9.0, update to a version that includes a fix for the XML External Entity Injection (XXE) attack. As a temporary workaround, consider restricting the processing of XML data to minimize the risk of exploitation.
PT-2019-16873
7.1
2019-07-30
Ibm · Ibm I2 Intelligent Analyis Platform · CVE-2019-4062
**Name of the Vulnerable Software and Affected Versions** IBM i2 Intelligent Analyis Platform versions 9.0.0 through 9.1.1 **Description** The issue is related to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to expose sensitive information or consume memory resources. **Recommendations** For IBM i2 Intelligent Analyis Platform versions 9.0.0 through 9.1.1, consider disabling XML data processing until a patch is available to prevent potential XXE attacks. Restrict access to sensitive information and monitor memory resources to minimize the risk of exploitation.