all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Getting Infinite CVEs via Software Supply Chain Security

Add to bookmarks
Feb. 7, 2024, 11:40 p.m. | /u/CirclesWeRun4

cybersecurity www.reddit.com

The latest [Ivanti Connect Secure appliance exploit](https://www.cramhacks.com/p/cramhacks-22#:~:text=Ivanti%20Connect%20Secure%20appliances%20under%20active%20exploitation) is a perfect example of a major flaw in the vulnerability disclosure process.

In December, I wrote a blog post, [Getting Infinite CVEs via Software Supply Chain Security](https://www.cramhacks.com/p/infinite-cves-with-supply-chain), which made some people unhappy. But the latest Ivanti vulnerability is a perfect example of where shit hits the fan and why this needs to be talked about.

You have a vulnerability in a third-party package; in this case, CVE-2023-36661. Now, the Ivanti Connect Secure …

case connect cve cve-2024-21893 cves cybersecurity ivanti ivanti connect secure package party problem project reject run service service provider third third-party version vulnerability vulnerable

Visit resource

More from www.reddit.com / cybersecurity

Is SOC 2 Report Sufficient for Vendor Risk Management? 9 hours ago | www.reddit.com
application cybersecurity deployment friends +18
Attackers Employ Microsoft Graph API to Evade Detection 11 hours ago | www.reddit.com
api attackers cybersecurity detection +4
Cybersecurity Stash: Your One-Stop Directory for Security Tools and Resources! 11 hours ago | www.reddit.com
cybersecurity directory hey hub +6
I think I blew my last interview 14 hours ago | www.reddit.com
cybersecurity hello interview interviewing +4
On a scala of 0-10 how severe would you rate database credentials (root) in a … 20 hours ago | www.reddit.com
attachments code credentials cybersecurity +8
Half of Americans Support TikTok Ban, Poll Finds 21 hours ago | www.reddit.com
ban cybersecurity poll support +2
Another major pharmacy chain shuts following possible cyberattack 22 hours ago | www.reddit.com
canada cyber cyberattack cybersecurity +7
Jobs being outsourced 1 day, 1 hour ago | www.reddit.com
analyst cybersecurity doing hello +12
Top cybersecurity stories for the week of 04-29-24 to 05-03-24 1 day, 1 hour ago | www.reddit.com
ciso cyber cyber security cybersecurity +8

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Lead Security Specialist

@ Fujifilm | Holly Springs, NC, United States
View on infosec-jobs.com

Security Operations Centre Analyst

@ Deliveroo | Hyderabad, India (Main Office)
View on infosec-jobs.com

CISOC Analyst

@ KCB Group | Kenya
View on infosec-jobs.com

Lead Security Engineer – Red Team/Offensive Security

@ FICO | Work from Home, United States
View on infosec-jobs.com

Cloud Security SME

@ Maveris | Washington, District of Columbia, United States - Remote
View on infosec-jobs.com

SOC Analyst (m/w/d)

@ Bausparkasse Schwäbisch Hall | Schwäbisch Hall, DE
View on infosec-jobs.com
View more jobs