Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4428PUBLISHED: 2019-12-09
IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session....
CVE-2019-4611PUBLISHED: 2019-12-09IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168519.
CVE-2019-4612PUBLISHED: 2019-12-09IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523.
CVE-2019-4621PUBLISHED: 2019-12-09IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883.
CVE-2019-19230PUBLISHED: 2019-12-09An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code.
User Rank: Ninja
7/9/2018 | 7:52:42 PM
While I generally agree with you, I will say that one thing that concerns me about stereotypes and stereotypical perceptions is the generalized notion (certainly not all of them) of hackers and IT admins and devs pooh-poohing the lawyers and compliance peeps, which could be problematic for a CISO if that view pervaded to that level.
Of course, technically, security, compliance, and privacy are all three separate circles on the Venn diagram of data stewardship... perhaps we need a Chief Data Steward to oversee -- or, at least, help integrate -- all three.