Our #usdHeroLab #Pentest professionals analyzed #IBMQRadarSIEM during their pentests.
1⃣ Vulnerability Type: Cross-site Scripting #CWE79
🚨Security Risk: Medium
🔎CVE number: CVE-2023-43057
👇 More details

🧐IBM QRadar SIEM is a security information and event management platform developed by IBM that provides advanced threat detection for its users. The vulnerability can be used to perform actions on behalf of other users.

The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻👨‍💻👇

https://herolab.usd.de/en/security-advisories/usd-2023-0032/

The #usdHeroLab analysts examined the #SAP Partner Portal while conducting their #pentests.
1⃣ Vulnerability Type: Improper Neutralization of Input During Web Page Generation #CWE79 #CrossSiteScripting
🚨 Security Risk: High
👇🧵 More details

In cases where users do not have sufficient permissions to view a specific URL within the #SAP Partner Portal, they get redirected to an error page. During this redirection, the requested URL is passed to the error message as a parameter without any filtering or encoding.
Therefore, it is possible to include HTML tags and JavaScript in the URL, enabling malicious actors to launch reflected #XSS attacks.
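To illustrate the pattern described above (a requested URL reflected into an error page without encoding), here is an added example that is not code from the advisory or from SAP: a Node.js-style handler that interpolates the URL raw, beside a hardened one that HTML-encodes it and, before using it as a link target, checks it against a relative-path allowlist. The function names and the sample URL are constructed for this example.

```javascript
// Added example (constructed; not the advisory's or SAP's code).
// Context: a portal redirects unauthorised users to an error page and
// echoes the URL they asked for. The fix is output encoding plus
// validation of the value before it is reused as a link.

// Encode the five characters that matter in HTML element and quoted
// attribute contexts.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Only accept a site-relative path (no scheme, no protocol-relative "//")
// made of conservative URL characters; anything else falls back to "/".
function safeRelativePath(value) {
  return /^\/(?!\/)[A-Za-z0-9._~\/?=&%-]*$/.test(value) ? value : "/";
}

// Vulnerable: the requested URL is dropped straight into the markup, so
// "<script>" in the query string becomes live HTML in the victim's browser.
function renderErrorPageVulnerable(requestedUrl) {
  return `<p>You do not have permission to view ${requestedUrl}.</p>` +
         `<a href="${requestedUrl}">Retry</a>`;
}

// Hardened: encode for the element body, validate then encode for the href.
function renderErrorPageHardened(requestedUrl) {
  const shown = escapeHtml(requestedUrl);
  const link = escapeHtml(safeRelativePath(requestedUrl));
  return `<p>You do not have permission to view ${shown}.</p>` +
         `<a href="${link}">Retry</a>`;
}

// Cheap regression check for a test suite: does any raw tag from the input
// survive in the output?
function reflectsRawTag(input, output) {
  const tags = input.match(/<[a-zA-Z][^>]*>/g) || [];
  return tags.some((t) => output.includes(t));
}

// Constructed sample: a URL carrying a marker tag, as an XSS test would.
const sampleUrl = "/partner/docs?id=<script>alert(1)</script>";
console.log(reflectsRawTag(sampleUrl, renderErrorPageVulnerable(sampleUrl))); // true
console.log(reflectsRawTag(sampleUrl, renderErrorPageHardened(sampleUrl)));   // false
```

The encoding shown is correct for element bodies and quoted attributes only; a value placed in a `<script>` block or an event handler needs a context-specific encoder, and the path allowlist is the part that stops `javascript:` or off-site targets in the href.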

The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻👇
https://herolab.usd.de/security-advisories/usd-2023-0017/