
Alerts

TZCERT-SU-24-0163 (IBM Security Update)

IBM has released security updates to address vulnerabilities in several of its products. Exploitation of these vulnerabilities may allow an attacker to gain access to sensitive information.

Users and administrators are encouraged to review IBM Security Advisories and apply necessary updates.

TZCERT-SU-24-0162 (QNAP Security Update)

QNAP has released security updates to address vulnerabilities in QTS, QuTS hero and QuTScloud. Exploitation of these vulnerabilities may allow an attacker to take control of the affected system.

Users and administrators are encouraged to review QNAP Security Advisory and apply necessary updates.

Revolution Slider Plugin Remote Code Execution (CVE-2023-2359)

Advisory No: TZCERT/SA/2024/02/15

Date of First Release: 15th February 2024

Source: WPScan

Software Affected: Revolution Slider Plugin version <= 6.6.12

Overview:

The vulnerability exists in Revolution Slider plugin versions up to and including 6.6.12. Successful exploitation of this vulnerability could allow a remote attacker to execute code on the affected system.

Description:

The vulnerability (CVE-2023-2359, CVSS score: 6.6) exists because the plugin does not validate uploaded image files. By default, the import functionality is only available to Admin users. However, the plugin may be configured to allow Editor and Author users to use the functionality as well.

Impact:

Successful exploitation of this vulnerability may allow an attacker to execute code remotely on an affected system.

Solution:

Security updates have been released to resolve this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://wpscan.com/vulnerability/a8350890-e6d4-4b04-a158-2b0ee3748e65/

Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410)

Advisory No: TZCERT/SA/2024/02/15

Date of First Release: 15th February 2025

Source: Microsoft

Software Affected: Microsoft Exchange Server

Overview:

Microsoft has disclosed a critical security flaw in Exchange Server that is being exploited by malicious actors. Successful exploitation of this flaw may allow an attacker to gain privileges as the victim client.

Description:

The vulnerability (CVE-2024-21410, CVSS score: 9.8) allows an attacker to leak NTLM credentials by targeting a victim NTLM client, such as Outlook. Successful exploitation of the flaw could permit an attacker to relay the user's leaked Net-NTLMv2 hash against a susceptible Exchange Server and authenticate as that user.

Impact:

Successful exploitation of this vulnerability may allow a remote attacker to take control of the affected system.

Solution:

Microsoft has released security updates to resolve this vulnerability. Users and administrators are encouraged to update as soon as possible.

References:

  1. https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-21410