CYBER45

Welcome to the Cyber Career Pathways Tool! This tool presents a new and interactive way to explore work roles within the NICE Cybersecurity Workforce Framework. It depicts the Cyber Workforce according to five distinct, yet complementary, skill communities.

Welcome to the Cyber Career Pathways Tool! This tool presents a new and interactive way to explore work roles within the NICE Cybersecurity Workforce Framework. It depicts the Cyber Workforce according to five distinct, yet complementary, skill communities.

Original release date: July 6, 2020
High Vulnerabilities


<table>

<tr>
<th>Primary
Vendor -- Product</th>
<th>Description</th>
<th>Published</th>
<th>CVSS Score</th>
<th>Source & Patch Info</th>
</tr>



<tr>
<td>adobe -- bridge</td>
<td>Adobe Bridge vers…

Original release date: July 4, 2020F5 has released a security advisory to address a remote code execution (RCE) vulnerability—CVE-2020-5902—in BIG-IP Traffic Management User Interface (TMUI). An attacker could exploit this vulnerability take control of an aff…

Original release date: July 3, 2020The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system.


The Cybersecurity and I…

1. EXECUTIVE SUMMARY

CVSS v3 8.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: ABB
Equipment: System 800xA Information Manager
Vulnerability: Cross-site Scripting
2. RISK EVALUATION

Successful exploitation of this vulnerability coul…

Original release date: July 2, 2020Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructur…

This advisory contains mitigations for multiple vulnerabilities in OpenClinic GA, an open source integrated hospital information management system.

1. EXECUTIVE SUMMARY

CVSS v3 10.0
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Nortek
Equipment: Linear eMerge 50P/5000P
Vulnerabilities: Path Traversal, Command Injection, Unrestricted Upload of File with Dangerous Type, Cross-site…

Original release date: July 2, 2020Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure …

Original release date: July 1, 2020SummaryThis advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK framework. See the ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques.

T…

Original release date: July 1, 2020Microsoft has released security updates to address vulnerabilities in Windows 10 and Windows Server. These vulnerabilities could allow a remote attacker to take control of an affected system.

The Cybersecurity and Infrastru…

Original release date: June 30, 2020Cybersecurity and Infrastructure Security Agency (CISA) analysts have compiled the top detection signatures that have been the most active over the month of May in our national Intrusion Detection System (IDS), known as EIN…

ICS Site Page

1. EXECUTIVE SUMMARY

CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Delta Electronics
Equipment: Delta Industrial Automation DOPSoft
Vulnerabilities: Out-of-bounds Read, Heap-based Buffer Overflow
2. RISK EVALUATION

Successful exploitation of…

1. EXECUTIVE SUMMARY

CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Mitsubishi Electric
Equipment: Factory Automation Engineering Software Products
Vulnerabilities: Improper Restriction of XML External Entity Reference and…

Original release date: June 29, 2020Multiple Netgear router models contain vulnerabilities that a remote attacker can exploit to take control of an affected device. 
 
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administra…

Original release date: June 29, 2020Palo Alto Networks has released security updates to address a vulnerability affecting PAN-OS. An unauthenticated attacker with network access could exploit this vulnerability to obtain sensitive information.

The Cybersecur…

Original release date: June 29, 2020 


High Vulnerabilities


<table>

<tr>
<th>Primary
Vendor -- Product</th>
<th>Description</th>
<th>Published</th>
<th>CVSS Score</th>
<th>Source & Patch Info</th>
</tr>



<tr>
<td>apache -- shiro
 </td>
<td>Apache Shir…

Original release date: June 26, 2020The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to cause a denial-of-service condition.

The Cybersecurity and Infras…