VMware released a security advisory addressing multiple critical vulnerabilities in VMware Workspace ONE Assist. These vulnerabilities may allow an attacker to perform an authentication bypass and get admin privileges. The vulnerabilities are being tracked as CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, and CVE-2022-31689. The vulnerabilities were discovered by Jasper Westerman, Jan van der Put, Yanick de Pater, and … Continue reading “Multiple Critical Vulnerabilities Patched in VMware Workspace ONE Assist (CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, and CVE-2022-31689)”
Tag: authentication bypass vulnerability
FortiOS, FortyProxy, and FortiSwitch Manager Authentication Bypass Vulnerability on Administrative Interface (CVE-2022-40684)
Fortinet has patched a critical authentication bypass vulnerability in FortiOS, FortiProxy, and FortiSwitchManager products. Tracked as CVE-2022-40684, this is an authentication bypass vulnerability that could allow an attacker to perform unauthorized operations on vulnerable devices. CISA has added this vulnerability to its Known Exploitable Vulnerabilities Catalog. Fortinet addressed the vulnerability by tweeting, “Due to the ability … Continue reading “FortiOS, FortyProxy, and FortiSwitch Manager Authentication Bypass Vulnerability on Administrative Interface (CVE-2022-40684)”
VMware vRealize Operations Multiple Vulnerabilities Patched in the Latest Security update (CVE-2022-31672, CVE-2022-31673, CVE-2022-31674, & CVE-2022-31675)
VMware has released a security advisory (VMSA-2022-0022) addressing multiple vulnerabilities in VMware vRealize Operations. The vulnerabilities vary from an authentication bypass (CVE-2022-31675), and privilege escalation (CVE-2022-31672) to information disclosure (CVE-2022-31673, CVE-2022-316734). These vulnerabilities have been discovered by Steven Seeley (mr_me) of Qihoo 360 Vulnerability Research Institute. VMware vRealize Operations enable self-driving IT Operations Management … Continue reading “VMware vRealize Operations Multiple Vulnerabilities Patched in the Latest Security update (CVE-2022-31672, CVE-2022-31673, CVE-2022-31674, & CVE-2022-31675)”
VMware Patched Multiple Vulnerabilities in VMware Products including Identity Manager (vIDM) and Workspace ONE Access
VMware has released a security advisory addressing multiple vulnerabilities in important VMware products and requested the admins to update to the latest versions. The vulnerabilities varies from an authentication bypass (CVE-2022-31656), URL injection (CVE-2022-31657), path traversal (CVE-2022-31662), Cross-site scripting (XSS) (CVE-2022-31663), remote code execution (CVE-2022-31658, CVE-2022-31659, CVE-2022-31665) to privilege escalation (CVE-2022-31660, CVE-2022-31661, CVE-2022-31664). The CVSS … Continue reading “VMware Patched Multiple Vulnerabilities in VMware Products including Identity Manager (vIDM) and Workspace ONE Access”
VMware Patches Critical Vulnerabilities in VMware Identity Manager (vIDM) and Workspace ONE Access (CVE-2022-22972 & CVE-2022-22973)
VMware has released a security advisory to address two critical vulnerabilities (CVE-2022-22972 & CVE-2022-22973) impacting VMware Identity Manager (vIDM), and Workspace ONE Access. Successful exploitation of these vulnerabilities could lead to escalation of privileges and authentication bypass. CISA has also released an advisory and warned users to immediately patch these vulnerabilities. One of the two … Continue reading “VMware Patches Critical Vulnerabilities in VMware Identity Manager (vIDM) and Workspace ONE Access (CVE-2022-22972 & CVE-2022-22973)”
Atlassian Jira Authentication Bypass Vulnerability (CVE-2022-0540)
An authentication bypass vulnerability has been discovered in Atlassian Jira and Jira Service Management products. The vulnerability is being tracked as CVE-2022-0540. Atlassian has released a public security advisory addressing the critical authentication bypass vulnerability in Seraph, the company’s web application security framework. Note that this vulnerability does not impact the cloud versions of … Continue reading “Atlassian Jira Authentication Bypass Vulnerability (CVE-2022-0540)”
Cisco Wireless LAN Controller Management Interface Authentication Bypass Vulnerability (CVE-2022-20695)
Cisco has released an advisory to address an authentication bypass vulnerability in the management interface of Cisco Wireless LAN Controller (WLC) software. This vulnerability allows an unauthenticated remote attacker to bypass authentication controls and log in to the device through the management interface. This vulnerability exists due to incorrect implementation of the password validation … Continue reading “Cisco Wireless LAN Controller Management Interface Authentication Bypass Vulnerability (CVE-2022-20695)”
Critical Zabbix Web Frontend Authentication Bypass Vulnerability (CVE-2022-23131)
Researchers from SonarSource have discovered a critical severity vulnerability in Zabbix that allows an attacker to bypass authentication and execute arbitrary code on a targeted server. Zabbix is an open-source monitoring software program that can be used to track IT infrastructures like networks, servers, virtual machines, and cloud services. The vulnerability is tracked as … Continue reading “Critical Zabbix Web Frontend Authentication Bypass Vulnerability (CVE-2022-23131)”
CISA has released an alert for the Zoho ManageEngine ADSelfService Plus authentication bypass vulnerability exploited by APT actors (CVE-2021-40539)
CISA has released a joint advisory regarding the recently exploited vulnerability in Zoho’s ManageEngine ADSelfService Plus. The advisory urges users to upgrade their tools, as APT attackers are aggressively exploiting a recently identified vulnerability. The FBI, the United States Coast Guard Cyber Command (CGCYBER), and the Cybersecurity and Infrastructure Security Agency (CISA) collaborated on this joint advisory to highlight the cyber threat … Continue reading “CISA has released an alert for the Zoho ManageEngine ADSelfService Plus authentication bypass vulnerability exploited by APT actors (CVE-2021-40539)”
