Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.


March 2014


oVirt 3.4 Session Fixation and CSRF Vulnerabilities

Disclosed March 17, 2014
Vendors: Red Hat
Vulnerability Severity: Medium
Exploit Impact: Session Hijacking
Exploit Availability:

The Best Vulnerability Management Reporting and Analytics

Posted March 13, 2014    Morey Haber

The number one reason why our customers choose BeyondTrust for enterprise vulnerability management is simple: The BeyondInsight Reporting and Analytics capabilities included with Retina CS Enterprise Vulnerability Management exceed the capabilities of every single competitor combined. Retina CS with BeyondInsight is the only vulnerability management solution that ships with an integrated, structured big data warehouse…


XnView JXR IFD_ENTRY Processing Integer Overflow Vulnerability

Disclosed March 13, 2014    Zeroday: 575 days
Vendors: XnSoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: No Exploit Available

Addressing the MAS Technology Risk Management Guidelines with Privilege and Vulnerability Management

Posted March 12, 2014    Morey Haber

The Monetary Authority of Singapore (MAS) is Singapore’s central bank and financial regulatory authority. The MAS frequently releases guidelines that address emerging technologies and the evolving threat landscape. In June 2013, the MAS created an updated set of guidelines for Internet Banking and Technology Risk Management (IBTRM). This addendum mandates certain requirements for Technology Risk Management…


Claws Mail Plugins Certificate Verification Vulnerabilities

Disclosed March 11, 2014    Zeroday: 577 days
Vendors: Claws
Vulnerability Severity: Medium
Exploit Impact: Security Bypass
Exploit Availability: No Exploit Available

March 2014 Patch Tuesday

Posted March 11, 2014    BeyondTrust Research Team

March’s Patch Tuesday brings five patches to us, fixing Internet Explorer, DirectShow, Silverlight, kernel-mode drivers, and the Security Account Manager Remote Protocol. MS14-012 fixes 18 unique vulnerabilities, one of which has been publicly disclosed: CVE-2014-0322. This vulnerability has been exploited as early as January 20, 2014, being used in targeted attacks against visitors to the…


VMware ESXi NTP Denial of Service Vulnerability

Disclosed March 11, 2014    Zeroday: 577 days
Vendors: VMware
Vulnerability Severity: Low
Exploit Impact: Denial of Service
Exploit Availability: Publicly Available

LuxCal 3.2.2 Cross Site Request Forgery / SQL Injection

Disclosed March 10, 2014    Zeroday: 578 days
Vendors: LuxSoft
Vulnerability Severity: Medium
Exploit Impact: SQL Injection
Exploit Availability: No Exploit Available

Introducing Vulnerability-Based Application Management™ (VBAM)

Posted March 3, 2014    Morey Haber

RSA Conference 2014 saw the birth of a new acronym at the BeyondTrust booth: “VBAM” – otherwise known as Vulnerability-Based Application Management™. This patent-pending technology enforces least-privilege access based on an application’s known vulnerabilities, as well as their age, potential risk, and impact on regulatory compliance initiatives – and is currently included in the PowerBroker…
