SSD Advisory – IBM WebSphere Portal Cross-Site Scripting (XSS)

Vulnerabilities Summary
The following advisory describes a Cross-Site Scripting (XSS) vulnerability found in WebSphere Portal version 8.0.0.1.

IBM WebSphere Portal products provide enterprise web portals that help companies deliver a highly-personalized, social experience for their customers. WebSphere Portal products give users a single point of access to the applications, services, information and social connections they need. These products help increase visitor response and reduce web operations cost while offering a range of capabilities to meet your business needs.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
We notified IBM of the vulnerability back in September 2016; repeated attempts to re-establish contact and get an answer on the status of the patches for this vulnerability went unanswered. At this time there is no solution or workaround for this vulnerability.


Know your community – Beist (SeungJin Lee)

In our last “Know your community” blog post we interviewed Ionut Popescu from Romania. Today we had the honor of interviewing Beist (SeungJin Lee)!

Introduction
SeungJin Lee, known as Beist, is a 32-year-old security researcher from South Korea. Beist is the founder of GrayHash (a pen-testing company) and a highly regarded security researcher who has found over 100 vulnerabilities.


SSD Advisory – SAP Afaria SQL Injection

Vulnerabilities Summary
The following advisory describes an SQL injection vulnerability in SAP Afaria Service Pack 4 HotFix 15 that can lead to arbitrary code execution.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor Responses
SAP Afaria has released a patch to address the vulnerability – SP5


Know your community – Ionut Popescu

When we sponsored DefCamp Romania back in November 2016, I saw Ionut Popescu’s lecture “Windows shellcodes: To be continued” and thought to myself, “He must be a key figure in the Romanian security community – I must interview him”, so I did!

Introduction
Ionut works as a Senior Penetration Tester for SecureWorks Romania. He is a speaker at DefCon and DefCamp, the author of NetRipper and ShellcodeCompiler, and a family man.
