Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46014 | 1 Code-projects | 1 Blood Bank | 2023-11-16 | N/A | 5.5 MEDIUM |
| SQL Injection vulnerability in hospitalLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'hemail' and 'hpassword' parameters. | |||||
| CVE-2023-46018 | 1 Code-projects | 1 Blood Bank | 2023-11-16 | N/A | 5.5 MEDIUM |
| SQL injection vulnerability in receiverReg.php in Code-Projects Blood Bank 1.0 \allows attackers to run arbitrary SQL commands via 'remail' parameter. | |||||
| CVE-2023-46017 | 1 Code-projects | 1 Blood Bank | 2023-11-16 | N/A | 5.5 MEDIUM |
| SQL Injection vulnerability in receiverLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'remail' and 'rpassword' parameters. | |||||
| CVE-2023-46016 | 1 Code-projects | 1 Blood Bank | 2023-11-16 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'search' parameter in the application URL. | |||||
| CVE-2023-46015 | 1 Code-projects | 1 Blood Bank | 2023-11-16 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in index.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via 'msg' parameter in application URL. | |||||
| CVE-2023-45075 | 1 Lenovo | 122 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 119 more | 2023-11-16 | N/A | 6.7 MEDIUM |
| A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. | |||||
| CVE-2023-47610 | 1 Telit | 20 Bgs5, Bgs5 Firmware, Ehs5 and 17 more | 2023-11-16 | N/A | 9.8 CRITICAL |
| A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message. | |||||
| CVE-2023-39198 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2023-11-16 | N/A | 6.4 MEDIUM |
| A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. | |||||
| CVE-2023-5913 | 1 Microfocus | 1 Fortify Scancentral Dast | 2023-11-16 | N/A | 9.8 CRITICAL |
| Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges.This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1. | |||||
| CVE-2023-5760 | 1 Avast | 1 Avg Antivirus | 2023-11-16 | N/A | 7.0 HIGH |
| A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing an attacker to gain full local privilege escalation on the system.This issue affects Avast/Avg Antivirus: 23.8. | |||||
| CVE-2023-37790 | 1 Broadcom | 1 Clarity | 2023-11-16 | N/A | 5.4 MEDIUM |
| Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function. | |||||
| CVE-2023-37533 | 1 Hcltech | 1 Connections | 2023-11-16 | N/A | 6.1 MEDIUM |
| HCL Connections is vulnerable to reflected cross-site scripting (XSS) where an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which contains the malicious script code. This may allow the attacker to steal cookie-based authentication credentials and comprise a user's account then launch other attacks. | |||||
| CVE-2023-20902 | 1 Linuxfoundation | 1 Harbor | 2023-11-16 | N/A | 6.5 MEDIUM |
| A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and retrieve job task information. | |||||
| CVE-2023-47612 | 1 Telit | 20 Bgs5, Bgs5 Firmware, Ehs5 and 17 more | 2023-11-16 | N/A | 6.1 MEDIUM |
| A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to obtain a read/write access to any files and directories on the targeted system, including hidden files and directories. | |||||
| CVE-2023-47613 | 1 Telit | 20 Bgs5, Bgs5 Firmware, Ehs5 and 17 more | 2023-11-16 | N/A | 7.1 HIGH |
| A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to escape from virtual directories and get read/write access to protected files on the targeted system. | |||||
| CVE-2023-47615 | 1 Telit | 20 Bgs5, Bgs5 Firmware, Ehs5 and 17 more | 2023-11-16 | N/A | 5.5 MEDIUM |
| A CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to get access to a sensitive data on the targeted system. | |||||
| CVE-2023-47616 | 1 Telit | 20 Bgs5, Bgs5 Firmware, Ehs5 and 17 more | 2023-11-16 | N/A | 4.6 MEDIUM |
| A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to get access to a sensitive data on the targeted system. | |||||
| CVE-2023-3282 | 2 Linux, Paloaltonetworks | 2 Linux Kernel, Cortex Xsoar | 2023-11-16 | N/A | 6.7 MEDIUM |
| A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine. | |||||
| CVE-2022-46821 | 1 Jackmail | 1 Jackmail | 2023-11-16 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Jackmail & Sarbacane Emails & Newsletters with Jackmail.This issue affects Emails & Newsletters with Jackmail: from n/a through 1.2.22. | |||||
| CVE-2023-46001 | 1 Gpac | 1 Gpac | 2023-11-16 | N/A | 5.5 MEDIUM |
| Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of service via the gpac/src/isomedia/isom_read.c:2807:51 function in gf_isom_get_user_data. | |||||
| CVE-2023-0392 | 1 Okta | 1 Ldap Agent | 2023-11-16 | N/A | 6.7 MEDIUM |
| The LDAP Agent Update service with versions prior to 5.18 used an unquoted path, which could allow arbitrary code execution. | |||||
| CVE-2023-6001 | 1 Yugabyte | 1 Yugabytedb | 2023-11-16 | N/A | 7.5 HIGH |
| Prometheus metrics are available without authentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment. | |||||
| CVE-2023-31419 | 1 Elastic | 1 Elasticsearch | 2023-11-16 | N/A | 7.5 HIGH |
| A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service. | |||||
| CVE-2023-38552 | 1 Nodejs | 1 Node.js | 2023-11-16 | N/A | 7.5 HIGH |
| When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and, 20.x. Please note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js. | |||||
| CVE-2023-36478 | 2 Eclipse, Jenkins | 2 Jetty, Jenkins | 2023-11-16 | N/A | 7.5 HIGH |
| Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds. | |||||
| CVE-2023-44466 | 1 Linux | 1 Linux Kernel | 2023-11-16 | N/A | 8.8 HIGH |
| An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32. | |||||
| CVE-2023-43885 | 1 Tenda | 2 Rx9 Pro, Rx9 Pro Firmware | 2023-11-16 | N/A | 8.1 HIGH |
| Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device. | |||||
| CVE-2023-43886 | 1 Tenda | 2 Rx9 Pro, Rx9 Pro Firmware | 2023-11-16 | N/A | 7.1 HIGH |
| A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03.02.20 might allow an authenticated attacker to overwrite memory. | |||||
| CVE-2023-4061 | 1 Redhat | 3 Enterprise Linux, Jboss Enterprise Application Platform, Wildfly Core | 2023-11-16 | N/A | 6.5 MEDIUM |
| A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system. | |||||
| CVE-2023-39913 | 1 Apache | 1 Uimaj | 2023-11-16 | N/A | 8.8 HIGH |
| Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK.This issue affects Apache UIMA Java SDK: before 3.5.0. Users are recommended to upgrade to version 3.5.0, which fixes the issue. There are several locations in the code where serialized Java objects are deserialized without verifying the data. This affects in particular: * the deserialization of a Java-serialized CAS, but also other binary CAS formats that include TSI information using the CasIOUtils class; * the CAS Editor Eclipse plugin which uses the the CasIOUtils class to load data; * the deserialization of a Java-serialized CAS of the Vinci Analysis Engine service which can receive using Java-serialized CAS objects over network connections; * the CasAnnotationViewerApplet and the CasTreeViewerApplet; * the checkpointing feature of the CPE module. Note that the UIMA framework by default does not start any remotely accessible services (i.e. Vinci) that would be vulnerable to this issue. A user or developer would need to make an active choice to start such a service. However, users or developers may use the CasIOUtils in their own applications and services to parse serialized CAS data. They are affected by this issue unless they ensure that the data passed to CasIOUtils is not a serialized Java object. When using Vinci or using CasIOUtils in own services/applications, the unrestricted deserialization of Java-serialized CAS files may allow arbitrary (remote) code execution. As a remedy, it is possible to set up a global or context-specific ObjectInputFilter (cf. https://openjdk.org/jeps/290 and https://openjdk.org/jeps/415 ) if running UIMA on a Java version that supports it. Note that Java 1.8 does not support the ObjectInputFilter, so there is no remedy when running on this out-of-support platform. An upgrade to a recent Java version is strongly recommended if you need to secure an UIMA version that is affected by this issue. To mitigate the issue on a Java 9+ platform, you can configure a filter pattern through the "jdk.serialFilter" system property using a semicolon as a separator: To allow deserializing Java-serialized binary CASes, add the classes: * org.apache.uima.cas.impl.CASCompleteSerializer * org.apache.uima.cas.impl.CASMgrSerializer * org.apache.uima.cas.impl.CASSerializer * java.lang.String To allow deserializing CPE Checkpoint data, add the following classes (and any custom classes your application uses to store its checkpoints): * org.apache.uima.collection.impl.cpm.CheckpointData * org.apache.uima.util.ProcessTrace * org.apache.uima.util.impl.ProcessTrace_impl * org.apache.uima.collection.base_cpm.SynchPoint Make sure to use "!*" as the final component to the filter pattern to disallow deserialization of any classes not listed in the pattern. Apache UIMA 3.5.0 uses tightly scoped ObjectInputFilters when reading Java-serialized data depending on the type of data being expected. Configuring a global filter is not necessary with this version. | |||||
| CVE-2023-45145 | 3 Debian, Fedoraproject, Redis | 3 Debian Linux, Fedora, Redis | 2023-11-16 | N/A | 3.6 LOW |
| Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory. | |||||
| CVE-2020-17477 | 1 Univention | 1 Ucs\@school | 2023-11-16 | N/A | 6.5 MEDIUM |
| Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote teachers, staff, and school administrators to read LDAP password hashes (sambaNTPassword, krb5Key, sambaPasswordHistory, and pwhistory) via LDAP search requests. For example, a teacher can gain administrator access via an NTLM hash. | |||||
| CVE-2023-46772 | 1 Huawei | 1 Emui | 2023-11-16 | N/A | 7.5 HIGH |
| Vulnerability of parameters being out of the value range in the QMI service module. Successful exploitation of this vulnerability may cause errors in reading file data. | |||||
| CVE-2023-6012 | 1 Lanaccess | 1 Onsafe Monitorhm | 2023-11-16 | N/A | 9.8 CRITICAL |
| An improper input validation vulnerability has been found in Lanaccess ONSAFE MonitorHM affecting version 3.7.0. This vulnerability could lead a remote attacker to exploit the checkbox element and perform remote code execution, compromising the entire infrastructure. | |||||
| CVE-2023-43567 | 1 Lenovo | 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more | 2023-11-16 | N/A | 6.7 MEDIUM |
| A buffer overflow was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | |||||
| CVE-2023-47107 | 1 Thm | 1 Pilos | 2023-11-16 | N/A | 8.8 HIGH |
| PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to PILOS users when so that it points to the attackers server thereby disclosing the password reset token if/when the link is followed. This only affects local user accounts and requires the password reset option to be enabled. This issue has been patched in version 2.3.0. | |||||
| CVE-2023-43568 | 1 Lenovo | 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more | 2023-11-16 | N/A | 4.4 MEDIUM |
| A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. | |||||
| CVE-2020-7269 | 1 Mcafee | 1 Advanced Threat Defense | 2023-11-16 | 4.0 MEDIUM | 4.3 MEDIUM |
| Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them. | |||||
| CVE-2020-7329 | 1 Mcafee | 1 Mvision Endpoint | 2023-11-16 | 6.5 MEDIUM | 7.2 HIGH |
| Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers trigger server-side DNS requests to arbitrary domains via carefully constructed XML files loaded by an ePO administrator. | |||||
| CVE-2020-7308 | 1 Mcafee | 1 Endpoint Security | 2023-11-16 | 6.4 MEDIUM | 6.5 MEDIUM |
| Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining control of an intermediate DNS server or altering the network DNS configuration, it is possible for an attacker to intercept requests and send their own responses. | |||||
| CVE-2023-43570 | 1 Lenovo | 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more | 2023-11-16 | N/A | 6.7 MEDIUM |
| A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code. | |||||
| CVE-2023-43569 | 1 Lenovo | 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more | 2023-11-16 | N/A | 6.7 MEDIUM |
| A buffer overflow was reported in the OemSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | |||||
| CVE-2020-7270 | 1 Mcafee | 1 Advanced Threat Defense | 2023-11-16 | 4.0 MEDIUM | 4.3 MEDIUM |
| Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them. | |||||
| CVE-2020-7328 | 1 Mcafee | 1 Mvision Endpoint | 2023-11-16 | 6.5 MEDIUM | 7.2 HIGH |
| External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO by an ePO administrator. | |||||
| CVE-2021-43609 | 1 Spiceworks | 1 Help Desk Server | 2023-11-16 | N/A | 8.8 HIGH |
| An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the order_by_for_ticket function in app/models/reporting/database_query.rb allows an authenticated attacker to execute arbitrary SQL commands via the sort parameter. This can be leveraged to leak local files from the host system, leading to remote code execution (RCE) through deserialization of malicious data. | |||||
| CVE-2022-1823 | 1 Mcafee | 1 Consumer Product Removal Tool | 2023-11-16 | 4.6 MEDIUM | 7.8 HIGH |
| Improper privilege management vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code, through not correctly checking the integrity of the configuration file. | |||||
| CVE-2022-1254 | 1 Mcafee | 1 Web Gateway | 2023-11-16 | 5.8 MEDIUM | 6.1 MEDIUM |
| A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates a HTTP redirect response when a user clicks a carefully constructed URL. Following the redirect response, the new request is still filtered by the SWG policy. | |||||
| CVE-2022-0858 | 1 Mcafee | 1 Epolicy Orchestrator | 2023-11-16 | 4.3 MEDIUM | 4.7 MEDIUM |
| A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in. | |||||
| CVE-2022-0280 | 2 Mcafee, Microsoft | 2 Total Protection, Windows | 2023-11-16 | 3.3 LOW | 7.0 HIGH |
| A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them. | |||||
| CVE-2021-31848 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2023-11-16 | 3.5 LOW | 6.1 MEDIUM |
| Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the DLP ePO extension. | |||||