Patch Management / Publicly Reported Vulnerabilities
Publicly reported vulnerabilities are security flaws reported by third parties or publicly available sources such as the Common Vulnerabilities and Exposures (CVE) directory. These vulnerabilities can affect Web and API, Infrastructure, and Mobile App systems. They are identified and classified according to the Common Weakness Enumeration (CWE) directory and the OWASP Testing Guide.
Publicly reported vulnerabilities pose a significant risk to IT systems because the details are widely available, so exposure is broad. These vulnerabilities can lead to information disclosure, unauthorized access to systems, data manipulation and other malicious activity. The risk assessment should be based on the impact of the vulnerability, the likelihood of exploitation, and the extent of the potential damage.
The best solution for publicly reported vulnerabilities is to patch the vulnerable system as soon as possible. This should be done by installing the latest version of the system and any security patches that are available. Additionally, organizations should implement a patch management strategy that includes regular monitoring of vulnerability sources (such as the CVE directory and vendor advisories) for newly reported issues, and testing of the system to confirm that the affected versions are no longer deployed.
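The monitoring step described above can be automated by matching a software inventory against published advisories and ranking the unpatched findings by risk. The following Python script is an added example and is not part of the original page or any vendor tooling: the advisory list, product names, version ranges, CVSS scores, asset names and the internet-facing weighting are all constructed sample values (the CVE identifiers are placeholders, not real advisories), and version strings are assumed to be dotted integers.

```python
"""Match a software inventory against published advisories and rank unpatched
assets by risk. Added example with constructed data; the advisories, version
ranges and hosts below are placeholders, not real advisory contents."""
from dataclasses import dataclass


def parse_version(version: str) -> tuple[int, ...]:
    """Turn a dotted version string into a comparable tuple.

    Assumes purely numeric components ("15.1.0", "15.1.0.4"). Tuple
    comparison handles differing lengths: (15, 1, 0) < (15, 1, 0, 4).
    """
    return tuple(int(part) for part in version.split("."))


@dataclass(frozen=True)
class Advisory:
    cve_id: str          # placeholder identifier in the sample data below
    product: str
    affected_from: str   # first affected version (inclusive)
    fixed_in: str        # first patched version (exclusive upper bound)
    cvss: float          # CVSS base score published with the advisory


@dataclass(frozen=True)
class Asset:
    hostname: str
    product: str
    version: str
    internet_facing: bool  # drives the exposure weighting in priority()


def is_affected(asset: Asset, advisory: Advisory) -> bool:
    """True when the asset runs the advisory's product inside the affected range."""
    if asset.product != advisory.product:
        return False
    deployed = parse_version(asset.version)
    return parse_version(advisory.affected_from) <= deployed < parse_version(advisory.fixed_in)


def priority(asset: Asset, advisory: Advisory) -> float:
    """Risk score: CVSS base score, raised for internet-facing systems because
    a publicly reported flaw on an exposed host has the broadest exposure.
    The 1.5 multiplier is a constructed policy value, not a standard."""
    return advisory.cvss * (1.5 if asset.internet_facing else 1.0)


def find_unpatched(assets: list[Asset], advisories: list[Advisory]) -> list[dict]:
    """Return one finding per (asset, advisory) match, highest priority first."""
    findings = [
        {
            "hostname": asset.hostname,
            "cve_id": adv.cve_id,
            "version": asset.version,
            "fixed_in": adv.fixed_in,
            "priority": priority(asset, adv),
        }
        for asset in assets
        for adv in advisories
        if is_affected(asset, adv)
    ]
    findings.sort(key=lambda f: f["priority"], reverse=True)
    return findings


# Constructed sample advisory feed (placeholder CVE ids and version ranges).
SAMPLE_ADVISORIES = [
    Advisory("CVE-0000-0001", "BIG-IP", "15.0.0", "15.2.0", 9.8),
    Advisory("CVE-0000-0002", "BIG-IP", "14.1.0", "14.1.3", 9.8),
    Advisory("CVE-0000-0003", "example-cms", "2.0.0", "2.4.1", 7.5),
]

# Constructed sample inventory.
SAMPLE_ASSETS = [
    Asset("lb-edge-01", "BIG-IP", "15.1.0", internet_facing=True),
    Asset("lb-int-02", "BIG-IP", "15.2.0", internet_facing=False),   # already on fixed version
    Asset("lb-int-03", "BIG-IP", "14.1.2", internet_facing=False),
    Asset("web-01", "example-cms", "2.4.1", internet_facing=True),   # already on fixed version
    Asset("web-02", "example-cms", "2.3.0", internet_facing=True),
]


if __name__ == "__main__":
    for f in find_unpatched(SAMPLE_ASSETS, SAMPLE_ADVISORIES):
        print(f"{f['priority']:5.2f}  {f['hostname']:<12} {f['cve_id']}  "
              f"running {f['version']}, patch to >= {f['fixed_in']}")
```

Run on the constructed inventory, the report lists the internet-facing load balancer first, then the exposed web host, then the internal load balancer; hosts already at or above the fixed version produce no finding. In practice the advisory list would be populated from a vulnerability feed and the inventory from a CMDB or scanner export, and the report would feed the patch-scheduling step.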
The following example is from the CVE-2020-5902 vulnerability in the F5 BIG-IP system:
A vulnerability in F5 BIG-IP could allow an unauthenticated attacker to gain access to the system by sending a specially crafted request to the affected system.