all InfoSec news
Getting Infinite CVEs via Software Supply Chain Security
Feb. 7, 2024, 11:40 p.m. | /u/CirclesWeRun4
cybersecurity www.reddit.com
In December, I wrote a blog post, [Getting Infinite CVEs via Software Supply Chain Security](https://www.cramhacks.com/p/infinite-cves-with-supply-chain), which made some people unhappy. But the latest Ivanti vulnerability is a perfect example of where shit hits the fan and why this needs to be talked about.
You have a vulnerability in a third-party package; in this case, CVE-2023-36661. Now, the Ivanti Connect Secure …
case connect cve cve-2024-21893 cves cybersecurity ivanti ivanti connect secure package party problem project reject run service service provider third third-party version vulnerability vulnerable
More from www.reddit.com / cybersecurity
Jobs in InfoSec / Cybersecurity
Lead Security Specialist
@ Fujifilm | Holly Springs, NC, United States
Security Operations Centre Analyst
@ Deliveroo | Hyderabad, India (Main Office)
CISOC Analyst
@ KCB Group | Kenya
Lead Security Engineer – Red Team/Offensive Security
@ FICO | Work from Home, United States
Cloud Security SME
@ Maveris | Washington, District of Columbia, United States - Remote
SOC Analyst (m/w/d)
@ Bausparkasse Schwäbisch Hall | Schwäbisch Hall, DE