
Alerts

Remote Code Execution Vulnerabilities in IBM Operational Decision Manager, and IBM i Modernization Engine for Lifecycle Integration (CVE-2019-19919, CVE-2019-12384)

Advisory No: TZCERT/SA/2024/05/17-6

Date of First Release: 17th May 2024

Source: IBM

Software Affected: IBM Operational Decision Manager, IBM i Modernization Engine for Lifecycle Integration

Overview:

Two IBM products are affected by critical vulnerabilities. Attackers can leverage these vulnerabilities to execute arbitrary code on the affected system.

Description:

IBM Operational Decision Manager and IBM i Modernization Engine for Lifecycle Integration are affected by critical vulnerabilities rated 9.8 and tracked as CVE-2019-19919 and CVE-2019-12384. The vulnerabilities exist in the Node.js handlebars and FasterXML jackson-databind components used by these products. Attackers can send specially crafted messages to execute arbitrary code on the vulnerable system.

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.

Solution:

IBM has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://exchange.xforce.ibmcloud.com/vulnerabilities/173388
  2. https://exchange.xforce.ibmcloud.com/vulnerabilities/162849

Remote Code Execution Vulnerability in Bosch Praesensa and Bosch Praesideo (CVE-2024-25104)

Advisory No: TZCERT/SA/2024/05/17-5

Date of First Release: 17th May 2024

Source: Bosch

Software Affected: Bosch Praesensa Logging Application, Bosch Praesideo Logging Application, and Bosch Praesideo PC Call Station

Overview:

Three Bosch products are affected by a critical vulnerability. Attackers can leverage the vulnerability to execute arbitrary code on the server machine.

Description:

The critical vulnerability rated 9.8 and tracked as CVE-2024-25104 affects Bosch Praesensa Logging Application, Bosch Praesideo Logging Application, and Bosch Praesideo PC Call Station. The weakness stems from a security tactic that was omitted during the architecture and design phase. Attackers can exploit the vulnerability to execute code remotely on the server machine.

Impact:

Successful exploitation of this vulnerability may allow an attacker to take control of the affected system.

Solution:

Bosch has released security patches for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://psirt.bosch.com/security-advisories/bosch-sa-106054-bt.html

A critical vulnerability in Drupal’s RESTful Web Services

Advisory No: TZCERT/SA/2024/05/17-4

Date of First Release: 17th May 2024

Source: Drupal

Software Affected: RESTful Web Services

Overview:

The Drupal RESTful Web Services plugin is affected by a critical vulnerability. Attackers can leverage the vulnerability to bypass access controls.

Description:

RESTful Web Services in Drupal CMS is affected by a critical vulnerability caused by insufficient access restriction on user resources. Attackers can exploit the vulnerability to gain escalated privileges.

Impact:

Successful exploitation of this vulnerability may allow an attacker to gain escalated privileges.

Solution:

Drupal has released a security patch for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://www.drupal.org/sa-contrib-2024-019

Aruba Access Points Multiple Critical Vulnerabilities (CVE-2024-31466, CVE-2024-31467, CVE-2024-31468, CVE-2024-31469, CVE-2024-31470, CVE-2024-31471, CVE-2024-31472, CVE-2024-31473)

Advisory No: TZCERT/SA/2024/05/17-3

Date of First Release: 17th May 2024

Source: Hewlett-Packard

Software Affected: Aruba Access Points running InstantOS and ArubaOS 10

Overview:

Aruba Access Points are affected by multiple critical vulnerabilities. Attackers can leverage these vulnerabilities to execute arbitrary code on the affected Access Point.

Description:

Aruba Access Points are affected by multiple vulnerabilities, six (6) of which are rated critical with a score of 9.8. These flaws include buffer overflow and command injection vulnerabilities. Successful exploitation of these vulnerabilities allows an attacker to execute arbitrary code as a privileged user on the underlying operating system.

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.

Solution:

Hewlett-Packard has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt