Red Hat has released security updates to address vulnerabilities in Red Hat Update Infrastructure (RHUI). Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and Administrators are encouraged to review Red Hat Security Advisory RHSA-2023:4591 and apply necessary updates.

Debian has released security updates to address vulnerabilities affecting the orthanc and cjose packages. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and Administrators are encouraged to review Debian Security Advisories DSA-5472-1 and DSA-5473-1 and apply necessary updates.

Advisory No: TZCERT/SA/2023/08/11

Date of First Release: 11^th August 2023

Source: Ivanti

Overview:

Ivanti has released security patches to address a critical vulnerability affecting multiple versions of Ivanti End Point Manager Mobile (EPMM). This vulnerability could allow an attacker to obtain sensitive information and take control of an affected system.

Description:

Ivanti End Point Manager Mobile (EPMM) formerly known as MobileIron Core affected by a remote unauthenticated API Access vulnerability. The vulnerability allows an authenticated attacker to access restricted functionality or resources of the application without proper authentication.

Impact:

Successful exploitation of this vulnerability allows an attacker to take control of an affected system.

Solution:

Ivanti has released security patches for this vulnerability. Users and Administrators are encouraged to apply necessary updates.

Reference:

1. https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US
2. https://www.rapid7.com/blog/post/2023/08/02/cve-2023-35082-mobileiron-core-unauthenticated-api-access-vulnerability/

Siemens has released security updates to address vulnerabilities affecting its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and Administrators are encouraged to review Siemens Security Advisories dated 8^th August 2023 and apply necessary updates.

Amazon has released security updates to address vulnerabilities affecting Amazon Linux. Exploitation of these vulnerabilities may allow an attacker to cause a denial of service conditions to an affected system.

Users and Administrators are encouraged to review Amazon Linux Security Advisory ALAS-2023-1790 and apply necessary updates.