A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site

Alerts

Multiple Critical Vulnerabilities in IBM Instana Observability (CVE-2023-42282, CVE-2023-37466 and CVE-2023-37903)

Advisory No: TZCERT/SA/2024/03/13-03

Date of First Release: 13th March 2024

Source: IBM

Software Affected: IBM Instana Observability

Overview:

IBM has released security patches to address critical vulnerabilities affecting IBM Instana Observability. The vulnerabilities could allow an attacker to execute arbitrary code on the affected system.

Description:

IBM Instana Observability is affected with arbitrary code execution vulnerabilities as the result of sandbox escape flaw and server-side request forgery flaw in the Promise handler Node.js vm2 and Node.js IP package respectively. Successful exploitation of these vulnerabilities could allow the attacker to obtain sensitive information and execute arbitrary code on the system.

Impact:

Successful exploitation of these vulnerabilities may allow the attacker to take control of affected IBM Instana Observability versions.

Solution:

IBM has released patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://www.ibm.com/support/pages/node/7139917
  2. https://www.ibm.com/support/pages/node/7139922
  3. https://www.ibm.com/support/pages/node/7139922

GarageBand 10.4.11 for macOS Use-After-Free Vulnerability (CVE-2024-23300)

Advisory No: TZCERT/SA/2024/03/13-02

Date of First Release: 13th March 2024

Source: Apple

Software Affected: macOS Ventura and macOS Sonoma

Overview:

Apple has released security update to address a critical vulnerability affecting macOS Ventura and macOS Sonoma. The vulnerability could allow an attacker to execute arbitrary code on the affected system.

Description:

macOS Ventura and macOS Sonoma are affected with the use-after-free vulnerability found in the GarageBand for mac. The vulnerability allows the processing of the maliciously crafted file that may result into unexpected crash or arbitrary code execution.

Impact:

Successful exploitation of this vulnerability may allow the attacker to take control of affected system.

Solution:

Apple has released patches for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://support.apple.com/en-us/HT214090
  2. https://www.intego.com/mac-security-blog/apple-patches-security-flaw-in-garageband-10-4-11-for-macos-sonoma-ventura/

Cisco SD-WAN vManage Unauthenticated REST API Access Vulnerability (CVE-2023-20214)

Advisory No: TZCERT/SA/2024/03/13-01

Date of First Release: 14th July 2023

Previous Advisory Number: TZCERT/SA/2023/07/14-03

Source: Cisco

Software Affected: Cisco SD-WAN vManage software

Overview:

Cisco has released security patches to address a critical vulnerability affecting Cisco SD-WAN vManage software. The vulnerability could allow an attacker to attain unauthenticated access to REST API.

Description:

Cisco SD-WAN vManage is affected with an authentication vulnerability in its REST API. This is the result of insufficient request validation when using REST API feature. The vulnerability allows unauthenticated remote attacker to read or write to the configuration of the affected vManage instance.

Impact:

Successful exploitation of this vulnerability may allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance.

Solution:

Cisco has released patches for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-unauthapi-sphCLYPA

TZCERT-SU-24-0264 (Ubuntu Security Update)

Ubuntu has released security updates to address vulnerabilities in Linux kernel, libxml2 and accountsservice. Exploitation of these vulnerabilities may allow an attacker to take control of affected system.

Users and administrators are encouraged to review Ubuntu Security Advisories USN-6681-2, USN-6688-1, USN-6658-2 and USN-6687-1 and apply necessary updates.

TZCERT-SU-24-0263 (Dell Security Update)

Dell has released security updates to address vulnerabilities in Dell NetWorker vProxy and Dell NetWorker (NRE). Exploitation of these vulnerabilities may allow an attacker to take control of affected system.

Users and administrators are encouraged to review Dell Security Advisories dsa-2024-091 and dsa-2023-126 and apply necessary updates.