
Alerts

TZCERT-SU-24-0781 (HP Security Update)

HP has released security updates to address a vulnerability in Intel Arc™ & Iris® Xe Graphics Software. Exploitation of this vulnerability may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the HP Security Bulletin and apply the necessary updates.

TZCERT-SU-24-0780 (IBM Security Update)

IBM has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the IBM Security Advisories dated 23rd July 2024 and apply the necessary updates.

Remote Code Execution Vulnerabilities in SolarWinds Access Rights Manager (ARM) (CVE-2024-23469, CVE-2024-23467, CVE-2024-23471)

Advisory No: TZCERT/SA/2024/07/19-3

Date of First Release: 19th July 2024

Source: SolarWinds

Software Affected: SolarWinds Access Rights Manager (ARM)

Overview:

Critical vulnerabilities affect SolarWinds ARM. An attacker can leverage the vulnerabilities to execute arbitrary code remotely on the affected device.

Description:

SolarWinds Access Rights Manager (ARM) is affected by three (3) critical vulnerabilities, all with CVSS scores of 9.6, tracked as CVE-2024-23469, CVE-2024-23467 and CVE-2024-23471. Successful exploitation of these vulnerabilities allows an unauthenticated user to perform remote code execution with SYSTEM privileges.

Impact:

Successful exploitation of these vulnerabilities may allow the attacker to take control of the affected system.

Solution:

SolarWinds has released security patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.

References:

  1. https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23469
  2. https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23467
  3. https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23471

Critical vulnerabilities in Cisco Secure Email Gateway and Cisco Smart Software Manager On-Prem (CVE-2024-20401, CVE-2024-20419)

Advisory No: TZCERT/SA/2024/07/19-2

Date of First Release: 19th July 2024

Source: Cisco

Software Affected: Cisco Secure Email Gateway, Cisco Smart Software Manager On-Prem

Overview:

Two Cisco products are affected by critical vulnerabilities. The vulnerabilities could allow an attacker to execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device.

Description:

Cisco Secure Email Gateway and Cisco Smart Software Manager On-Prem are affected by two critical vulnerabilities tracked as CVE-2024-20401 and CVE-2024-20419, with base scores of 9.8 and 10 respectively. The vulnerabilities result from improper handling of email attachments when file analysis and content filters are enabled, and from improper implementation of the password-change process. They allow an unauthenticated, remote attacker to modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device.

Impact:

Successful exploitation of these vulnerabilities may allow an unauthenticated, remote attacker to take control of the affected system or cause a denial of service condition.

Solution:

Cisco has released patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.

References:

  1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH
  2. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy