The ARMR Report – August 2019

By August 26, 2019 ARMR Reports

Customer CVE Alert for 2019-August

Below is a list of CV’s that were announced last week which are protected by the Waratek ARMR Platform.

This list is not comprehensive of all of the CVEs issued and only represents application vulnerabilities. For customers that have questions, please contact your account manager or support@waratek.com. If you want more information on any of the CVE’s below, please visit the Mitre site here.

Notes:
Dates are dd/mm.
NVD Disclaimer: The date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

 

CVE CWE Update Date CVSS Score RCE Detail
CVE-2019-14313 89 7/30/19 10 Remote A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php.
CVE-2019-13573 89 7/17/19 10 Remote A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3.19.727 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.
CVE-2019-0193 287 8/1/19 9 Remote In Apache Solr
CVE-2017-18515 89 8/14/19 7.5 Remote The wp-statistics plugin before 12.0.8 for WordPress has SQL injection.
CVE-2017-18514 89 8/14/19 7.5 Remote The simple-login-log plugin before 1.1.2 for WordPress has SQL injection.
CVE-2016-10889 89 8/14/19 7.5 Remote The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name.
CVE-2016-10888 89 8/14/19 7.5 Remote The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues.
CVE-2016-10887 89 8/14/19 7.5 Remote The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues.
CVE-2015-9316 89 8/14/19 7.5 Remote The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter.
CVE-2015-9315 89 8/14/19 7.5 Remote The newstatpress plugin before 1.0.1 for WordPress has SQL injection.
CVE-2015-9313 89 8/14/19 7.5 Remote The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element.
CVE-2015-9310 89 8/14/19 7.5 Remote The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues.
CVE-2015-9301 89 8/13/19 7.5 Remote The liveforms plugin before 3.2.0 for WordPress has SQL injection.
CVE-2019-14968 89 8/12/19 7.5 Remote An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action.
CVE-2019-14234 89 8/9/19 7.5 Remote An issue was discovered in Django 1.11.x before 1.11.23
CVE-2019-2856 284 7/23/19 7.5 Remote Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Application Container – JavaEE). Supported versions that are affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality
CVE-2019-2855 284 7/23/19 7.5 Remote Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update
CVE-2019-2854 284 7/23/19 7.5 Remote Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update
CVE-2019-2853 284 7/23/19 7.5 Remote Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update
CVE-2019-2852 284 7/23/19 7.5 Remote Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update
CVE-2019-2835 284 7/23/19 7.5 Remote Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update
CVE-2019-2792 284 7/23/19 7.5 Remote Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update
CVE-2019-2764 284 7/23/19 7.5 Remote Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update
CVE-2019-2759 284 7/23/19 7.5 Remote Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update
CVE-2019-2756 284 7/23/19 7.5 Remote Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update
CVE-2019-11772 787 7/17/19 7.5 Remote In Eclipse OpenJ9 prior to 0.15
CVE-2018-20968 352 8/14/19 6.8 Remote The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF.
CVE-2018-20967 352 8/14/19 6.8 Remote The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF.
CVE-2017-18513 352 8/14/19 6.8 Remote The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface.
CVE-2017-18512 352 8/14/19 6.8 Remote The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF.
CVE-2017-18511 352 8/14/19 6.8 Remote The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF.
CVE-2017-18510 352 8/14/19 6.8 Remote The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location
CVE-2016-10884 352 8/14/19 6.8 Remote The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues.
CVE-2016-10882 352 8/14/19 6.8 Remote The google-document-embedder plugin before 2.6.2 for WordPress has CSRF.
CVE-2015-9309 352 8/14/19 6.8 Remote The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature.
CVE-2015-9308 352 8/14/19 6.8 Remote The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature.
CVE-2015-9307 352 8/14/19 6.8 Remote The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature.
CVE-2018-20964 352 8/13/19 6.8 Remote The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF.
CVE-2017-18504 352 8/12/19 6.8 Remote The twitter-cards-meta plugin before 2.5.0 for WordPress has CSRF.
CVE-2016-10876 352 8/12/19 6.8 Remote The wp-database-backup plugin before 4.3.1 for WordPress has CSRF.
CVE-2016-10874 352 8/12/19 6.8 Remote The wp-database-backup plugin before 4.3.3 for WordPress has CSRF.
CVE-2019-14681 352 8/8/19 6.8 Remote The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admin/options-general.php?page=daf_settings&daf_remove=true CSRF.
CVE-2019-10386 352 8/7/19 6.8 Remote A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method
CVE-2019-10368 352 8/7/19 6.8 Remote A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method
CVE-2018-10899 352 8/1/19 6.8 Remote A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack.
CVE-2019-10359 352 7/31/19 6.8 Remote A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified options.
CVE-2019-10181 345 7/31/19 6.8 Remote It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.
CVE-2019-2828 284 7/23/19 6.8 Remote Vulnerability in the Oracle Field Service component of Oracle E-Business Suite (subcomponent: Wireless). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service
CVE-2019-10340 352 7/11/19 6.8 Remote A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method
CVE-2019-14966 89 8/12/19 6.5 Remote An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. There exists an authenticated SQL injection.
CVE-2019-10380 254 8/7/19 6.5 Remote Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist
CVE-2019-10356 254 7/31/19 6.5 Remote A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.
CVE-2019-10355 254 7/31/19 6.5 Remote A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts.
CVE-2019-0327 434 7/10/19 6.5 Remote SAP NetWeaver for Java Application Server – Web Container
CVE-2019-10185 22 7/31/19 6.4 Remote It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and
CVE-2019-13635 22 7/30/19 6.4 Remote The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows wpFastestCache.php and inc/cache.php Directory Traversal.
CVE-2019-2775 284 7/23/19 6.4 Remote Vulnerability in the Oracle Payments component of Oracle E-Business Suite (subcomponent: File Transmission). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful attacks of this vulnerability can result in unauthorized creation
CVE-2019-2767 284 7/23/19 6.4 Remote Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). While the vulnerability is in BI Publisher (formerly XML Publisher)
CVE-2019-2742 284 7/23/19 6.4 Remote Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Service API). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. While the vulnerability is in Oracle BI Publisher
CVE-2019-2771 284 7/23/19 6 Remote Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher (formerly XML Publisher)
CVE-2016-10883 352 8/14/19 5.8 Remote The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF for deleting users.
CVE-2019-10382 295 8/7/19 5.8 Remote Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM.
CVE-2019-10372 601 8/7/19 5.8 Remote An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login.
CVE-2019-10182 22 7/31/19 5.8 Remote It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user.
CVE-2019-2837 284 7/23/19 5.8 Remote Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.3 and 12.2.3 – 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation
CVE-2019-2829 284 7/23/19 5.8 Remote Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: Service Requests). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport
CVE-2019-2816 284 7/23/19 5.8 Remote Vulnerability in the Java SE
CVE-2019-2672 284 7/23/19 5.8 Remote Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment
CVE-2019-2668 284 7/23/19 5.8 Remote Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment
CVE-2019-2666 284 7/23/19 5.8 Remote Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment
CVE-2019-7955 79 7/18/19 5.8 Remote Adobe Experience Manager version 6.4 and ealier have a Reflected Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.
CVE-2019-10362 20 7/31/19 5.5 Remote Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting
CVE-2019-4062 611 7/30/19 5.5 Remote IBM i2 Intelligent Analyis Platform 9.0.0 through 9.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 157007.
CVE-2019-2827 284 7/23/19 5.5 Remote Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0.0
CVE-2019-2825 284 7/23/19 5.5 Remote Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces). Supported versions that are affected are 12.1.3 and 12.2.3 – 12.2.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized creation
CVE-2019-2824 284 7/23/19 5.5 Remote Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0.0
CVE-2019-10371 384 8/7/19 5 Remote A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.
CVE-2019-7859 22 8/2/19 5 Remote A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18
CVE-2019-4165 20 7/31/19 5 Remote IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow a remote attacker to cause a denial of service attack using repeated requests to the server. IBM X-Force ID: 158698.
CVE-2019-14439 200 7/30/19 5 Remote A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
CVE-2019-0202 532 7/25/19 5 Remote The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2
CVE-2019-2809 284 7/23/19 5 Remote Vulnerability in the Oracle iRecruitment component of Oracle E-Business Suite (subcomponent: Password Reset). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iRecruitment. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle iRecruitment. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2019-2783 284 7/23/19 5 Remote Vulnerability in the Oracle Payments component of Oracle E-Business Suite (subcomponent: File Transmission). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. While the vulnerability is in Oracle Payments
CVE-2019-2782 284 7/23/19 5 Remote Vulnerability in the Oracle Payments component of Oracle E-Business Suite (subcomponent: File Transmission). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Payments accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVE-2019-2773 284 7/23/19 5 Remote Vulnerability in the Oracle Payments component of Oracle E-Business Suite (subcomponent: File Transmission). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. While the vulnerability is in Oracle Payments
CVE-2019-2769 284 7/23/19 5 Remote Vulnerability in the Java SE
CVE-2019-2768 200 7/23/19 5 Remote Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher (formerly XML Publisher) accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVE-2019-2762 284 7/23/19 5 Remote Vulnerability in the Java SE
James Lee

Author James Lee

James Lee, Waratek Executive Vice President and Chief Marketing Officer. James is the former CMO at data pioneer ChoicePoint and an expert in data privacy and security, having served nine years on the Board of the San Diego-based Identity Theft Resource Center including three years as Chair. Lee has served as a leader of two ANSI efforts to address issues of data privacy and identity management. Lee is also a former global leader at International Paper Company (NYSE: IP).

More posts by James Lee
X