VULNERABILITY MANAGEMENT
Vulnerability Management is a core security practice for understanding and assessing the risk to an organisation's technical estate. This function assesses new vulnerabilities and determines the applicability and criticality of the flaws in the context of the technologies deployed within the organisation.
Once vulnerabilities are triaged, the required updates are scheduled into the company’s Patch & Change Management processes to be rolled out in a timely manner.
CARIBSOC offers further guidance on Patch & Change Management in our Policies & Practices area.
Updated Vulnerabilities:
- CVE-2011-10004 (reciply) (10/16/2023)
- CVE-2012-10016 (simple-download-button-shortcode) (10/16/2023)
- CVE-2015-10126 (easy2map_photos) (10/6/2023)
- CVE-2015-10125 (import_all_pages,_post_types,_products,_orders,_and_users_as_xml_&_csv) (10/5/2023)
- CVE-2015-10124 (most_popular_posts_widget) (10/2/2023)
- CVE-2015-6964 (multibit_hd) (9/25/2023)
- CVE-2015-8371 (composer) (9/21/2023)
- CVE-2015-5467 (yii) (9/21/2023)
- CVE-2020-19559 (agilis_xfs_for_opteva) (9/11/2023)
- CVE-2014-5329 (gigapod_2010_firmware, gigapod_3_firmware, gigapod_officehard_firmware) (9/7/2023)
CVE & CVSS
CARIBSOC utilizes the industry-standard Common Vulnerabilities & Exposures (CVE) & Common Vulnerability Scoring System (CVSS) for referencing, disclosing and rating vulnerabilities. Overseen by the Mitre Organisation & National Institute for Standards & Technology (NIST), these frameworks provide a globally uniform numbering and criticality rating standard for security vulnerabilities that is used by companies and corporations around the globe.
VULNERABILITY MGT LIFECYCLE:
Vendor Patch Tuesday Commentary:
- Patch Tuesday – 01.2021 (1/12/2021)
- Patch Tuesday – 12.2020 (12/9/2020)
- Patch Tuesday – 11.2020 (11/10/2020)