
Enterprise data security vendor Stormshield reports on critical cloud vulnerabilities

IT/OT security specialist Stormshield has reported a new cloud-marketplace critical vulnerability, outlined by the US NIST National Vulnerability Database as CVE-2023-49103.

According to Stormshield customer security lab researcher Pierre-Olivier Kaplan, CVE-2023-49103 affects ownCloud servers through the graphapi app, versions 0.2.0 to 0.3.0.

“This vulnerability has a CVSS 3.1 score of 10, the highest possible. This flaw allows an attacker, remotely and without any authentication, to read a phpinfo file that contains much sensitive information about the local environment,” warned Kaplan.

This potentially includes configuration details and user information. On containerised deployments, the situation is “even worse”, according to Kaplan, as the exposed data also includes the ownCloud admin password, mail server credentials, database credentials, and licence key.

He added that network security offerings like Stormshield's own are capable of detecting and blocking related exploits. Meanwhile, users should update ownCloud and graphapi.

The news follows Stormshield's integration of Bitdefender URL filtering, on the back of an extended partnership with the latter vendor announced in April 2023.

Stormshield offers solutions for data security in the enterprise as well as network and endpoint security for organisations through the channel.

Stormshield Data Security Enterprise (SDS Enterprise) boasts abilities to cover off data security requirements even for very large global organisations with internal and external employees across hundreds of offices all working together.

Data exchanges of staffers across storage, mobile devices and more can be traced and kept safe, minimising risk from negligence or information leakage.

“The loss or theft of critical information can all have a major impact on the company. However, this objective becomes rather more problematic in the case of an organisation based in several countries and having different local partners,” according to this Stormshield case study.

Data security should cover not only employee workstations but also external partners such as service providers, the vendor suggested, if there is to be “an effective and sovereign solution”.

( Photo by Christin Hume on Unsplash )
