School: Hillsborough Community College
Course: 2598
Subject: Information Systems
Date: Dec 6, 2023
Joshua Santos
CYB 4781-0
1. Attack Vector:
   • Attack Vector is an attack on the application that operates on the operating system and not on the computer itself. Depending on the type of attack, an attacker may use different methods to launch an attack.
2. Attack Complexity:
   • Attack Complexity is a measure of the difficulty of carrying out an attack. It is defined as the number of steps required to carry out an attack.
3. Privileges Required:
   • Privileges required to manage the resources of an organization.
4. User Interaction:
   • User Interaction (UI) is the process in which humans interact with computers and technology. It's a set of design principles applied while developing computer applications to create an efficient, intuitive and easy-to-use interactive system.
5. Scope:
   • The scope is the official documentation of a project and its goals. Typically, written in plain language, it defines the project’s objectives and deliverables, describes how these will be achieved, and lays out the schedule for success. The scope should also include any constraints, which are limitations on what can or cannot be included in the project.
6. Confidentiality Impact:
   • The Confidentiality Impact is associated with the amount of sensitivity and restricted access that data maintains. This can be dependent on several factors including a company's internal security practices, requirements set forth by law, and the overall content of information being stored. Persons with high levels of confidentiality impact often include employees, executives, and partners.
7. Integrity Impact:
   • Integrity Impact is a consulting firm that helps businesses and organizations reach their goals. Their staff includes professionals with years of experience in marketing, communications, research, and analytical thinking.
8. Availability Impact:
   • Availability Impact is a measurement of the impact of outages. It's the amount of time that production services are impacted because of an incident or failure. Availability Impact can be measured as a percentage or in units such as hours lost, or dollars lost.
Selected Vulnerabilities to evaluate
1. This vulnerability is also known as MySQL Stored SQL Injection: CVE-2013-0375, CWE ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection').
   Attack Vector (How the Attacker Gained Access to your System): SQL Injection.
   Where did the attacker manage to inject malicious code that allowed him/her to run commands on your server? The webserver is exposing internal commands (Bash) and attackers can issue operating system commands on the server using the HTTP requests. With this vulnerability the attacker can take over the server. This would be remote code execution. Affected versions of MySQL are vulnerable to a stored SQL injection vulnerability. This issue is due to unsafe handling of user-supplied data in the SQL query statement, which can be exploited by a remote attacker to execute arbitrary SQL commands on the MySQL server. Severity of this vulnerability is critical. The webserver is exposing internal commands (Bash) and attackers can issue operating system commands on the server using the HTTP requests.
2. Remote Code Execution in Oracle Outside In Technology (CVE-2016-5558) is a critical vulnerability with a CVSS score of 10.0. This means that this vulnerability is highly likely to be exploited and could potentially result in remote code execution. The attacker only needs to send a specially crafted HTTP request to Oracle Outside In to trigger the exploit. If you are running Oracle Outside In Technology (CVE-2016-5558), there is a remote code execution security vulnerability. This software is a suite of application programming interfaces (APIs) that can be used to convert documents and images into Web pages, and to view PDF documents and other file formats inside a Web browser. If an attacker exploits this vulnerability, they could take control of the affected system's settings and functions without authorization.