Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2021-3287
PUBLISHED: 2021-04-22
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.

CVE-2021-31547
PUBLISHED: 2021-04-22
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to […]

In recent months, bug-bounty programs have shifted from mitigating risk to inadvertently creating new liabilities for customers and vendors. Bug-bounty programs have accelerated in the past few years. Many organizations — bewitched by bounty programs’ promise of faster vulnerability identification, improved product security, and cost-effective outsourcing solutions — find themselves […]