What This Vulnerability Research Portfolio Represents
Discoveries That Matter
Our vulnerability research team reverse engineers your enterprise software to find the 0-days that threaten your infrastructure - before attackers do.
Enterprise Focus
The vulnerabilities below affect systems organizations use: SAP. IBM. Check Point. F5. BMC. Microsoft. Rapid7. Cyberark.
Current Research
We identified a wide range of CVEs across various industries - each of the vulnerabilities have been assigned a threat level ranging from critical to low. We pride ourselves in beating others to identify critical CVEs in large infrastructure for orgasations such as IBM and Microsoft.
Authenticated directory traversal and LFI in Observium via additional vulnerable path
Cross-site scripting in Observium via additional vulnerable parameter
SQL injection in Observium via another injection point allows database attacks
Cross-site scripting in Observium via different vulnerable functionality
Authenticated directory traversal and LFI in Observium via separate endpoint
Authenticated directory traversal and LFI in Observium allows server file access
SQL injection in Observium via additional vulnerable parameter allows database manipulation
Cross-site request forgery in Observium allows attackers to perform actions on behalf of authenticated users
Cross-site scripting in Observium via additional vulnerable input
Cross-site scripting in Observium via different request parameter
Cross-site scripting in Observium via separate vulnerable endpoint
Cross-site scripting in Observium via additional injection point
Cross-site scripting in Observium via different vulnerable parameter
Authenticated directory traversal and local file inclusion in Observium via additional endpoint
Cross-site scripting in Observium allows script injection via crafted input
We map your systems before testing how they break.
That's why critical findings usually show up outside the original scope - attackers don't respect scope documents.
Security Assessment Services FAQ
Questions enterprise security teams ask before partnering with AFINE for security assessments.