Ivanti Endpoint Manager Mobile (EPMM) Remote Unauthenticated API Access Vulnerability (CVE-2023-35078)

A zero-day authentication bypass vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM). CVE-2023-35078 has been given a critical severity rating with a CVSS score of 10. Successful exploitation of the vulnerability may allow unauthorized users to access restricted functionality or resources of the application. CISA has added the publicly exploited CVE-2023-35078 to its Known …

Apple Patches Zero-day Vulnerability Used in Attacks Against iOS 15.7.1 (CVE-2023-38606)

Apple has released a patch to address a zero-day vulnerability (CVE-2023-38606). The security updates fix the vulnerability in multiple products such as macOS Ventura, Monterey, Big Sur, iOS, and iPadOS. Apple has mentioned in the advisory that they are aware of the active exploitation of the vulnerability in attacks against versions of iOS 15.7.1. Valentin …

Atlassian Patches Remote Code Execution Vulnerabilities in Confluence and Bamboo (CVE-2023-22505, CVE-2023-22506, & CVE-2023-22508)

Atlassian Confluence Server & Data Center and Bamboo Data Center are affected by high-severity vulnerabilities: CVE-2023-22505, CVE-2023-22506, and CVE-2023-22508. The vulnerabilities may allow attackers to perform remote code execution on successful exploitation. Anonymous researchers have discovered and reported these vulnerabilities to Atlassian via their Bug Bounty and Penetration Testing programs. In February 2023, Atlassian addressed …

Citrix Application Delivery Controller (ADC) and Citrix Gateway Multiple Vulnerabilities (CVE-2023-3519, CVE-2023-3466, and CVE-2023-3467)

A new critical severity vulnerability (CVE-2023-3519) in the NetScaler ADC and NetScaler Gateway is being exploited in the wild. CVE-2023-3519 may allow an unauthenticated attacker to perform remote code execution on the target system. The advisory addressed two more vulnerabilities: CVE-2023-3466 and CVE-2023-3467. Wouter Rijkbost and Jorren Geurts of Resillion have discovered the vulnerabilities addressed in …

Oracle Patch Tuesday, July 2023 Security Update Review

Oracle has released its third quarterly edition of Critical Patch Update, which contains a group of patches for 508 security vulnerabilities. Some of the vulnerabilities addressed this month impact more than one product. These patches address vulnerabilities in Oracle code and third-party components included in Oracle products. During Q3 2023 Oracle Critical Patch Update, the …

Adobe ColdFusion Vulnerabilities Exploited in the Attacks in Dropping Webshell (CVE-2023-29298, CVE-2023-29300, and CVE-2023-38203)

Attackers exploit two Adobe ColdFusion vulnerabilities to bypass authentication and perform remote code execution. CVE-2023-29298 and CVE-2023-38203 can be chained to conduct attacks on Adobe ColdFusion environments. CISA has added CVE-2023-29298 and CVE-2023-38205 to its Known Exploited Vulnerabilities Catalog, recommending users patch before August 10. On January 8, 2024, CISA added the CVE-2023-29300 and CVE-2023-38203 …

Zimbra Collaboration Suite Cross-Site Scripting (XSS) Zero-day Vulnerability

There is a critical severity vulnerability affecting the Zimbra Collaboration Suite. The cross-site scripting vulnerability allows an attacker to impact the confidentiality and integrity of the user’s data. Zimbra has mentioned in the security update that “The fix is planned to be delivered in the July patch release.” Zimbra Collaboration Suite is a widely deployed …

Cisco Releases Patch for SD-WAN vManage Unauthenticated REST API Access Vulnerability (CVE-2023-20214)

The Cisco TAC support team has discovered a critical vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software. CVE-2023-20214 allows an unauthenticated attacker to retrieve information and send data to the configuration of the affected Cisco vManage instance. The Cisco SD-WAN Solution provides an advanced, software-based solution that lowers …

FortiOS and FortiProxy Stack-based Buffer Overflow Vulnerability (CVE-2023-33308)

Fortinet has addressed a critical severity vulnerability affecting FortiOS and FortiProxy. CVE-2023-33308 has been given a critical severity rating with a CVSSv3 score of 9.8. Successful exploitation of the vulnerability will allow a remote attacker to execute arbitrary code on target systems. The brain of Fortinet Security Fabric is its network operating system, FortiOS. The Security …

Microsoft Patch Tuesday, July 2023 Security Update Review

Microsoft has released July’s edition of Patch Tuesday! This installment of security updates addressed 132 security vulnerabilities in various products, features, and roles. Microsoft Patch Tuesday for July 2023: This month’s Patch Tuesday edition has fixed six zero-day vulnerabilities known to be exploited in the wild. Nine of these 132 vulnerabilities are rated as critical …