Rapid7 disclosed 6 XSS and SQLi flaws in 4 Network Management Systems, 2 unpatched

Discussion in 'Network World' started by RSS, Dec 16, 2015.

  1. RSS

    RSS New Member Member

    Rapid7 disclosed six vulnerabilities affecting four Network Management Systems, two of which are not patched. The vendors are Opsview, Spiceworks, Ipswitch, and Castle Rock, with the latter having issued neither a security bulletin nor a fix for two vulnerabilities in its NMS.

    An “array of cross-site scripting (XSS) and SQL injection (SQLi)” vulnerabilities in NMS products was discovered by Rapid7’s Deral Heiland, aka Percent_X, and independent researcher Matthew Kienow, aka HacksForProfit. The flaws were responsibly disclosed to the vendors and CERT.
