Advisory: DROWN Vulnerability (CVE-2016-0800)

Grace NacesAdvisories

Publication Date: 7 March 2016 Updated: 15 March 2016 Description A vulnerability that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. The Traffic between clients and non-vulnerable servers can be decrypted if another server supporting SSLv2 … Read More

Advisory: SQL Injection and Reflected Cross Site Scripting Vulnerabilities (CVE-201502849 and CVE-2015-2850)

Grace NacesAdvisories

Publication Date: 06 Jul 2015 Description SQL Injection Vulnerability A vulnerability which allows user to perform queries on the underlying datastore via ppli URL parameter of the default login page main.ant; CVE-2015-2849 Cross-Site Scripting Vulnerability A reflected cross-site scripting vulnerability exists in the msg URL parameter of the admin login page … Read More

UPDATE on Vulnerability CVE-2015-0932

Grace NacesAdvisories, Latest News

We would like to proactively inform you about a zero-day vulnerability found with some of our InnGate HSIA gateways. We also would like to update you that a fix for the vulnerability is already available since 26 Mar 2015 and that we are actively working with our partners to patch … Read More