Atlassian Jira Authentication Bypass Vulnerability (CVE-2022-0540)
An authentication bypass vulnerability has been discovered in Atlassian Jira and Jira Service Management products. The vulnerability is being tracked as CVE-2022-0540. Atlassian has released a public security advisory addressing the critical authentication bypass vulnerability in Seraph, the company’s web application security framework. Note that this vulnerability does not impact the cloud versions of …
Tag: authentication bypass vulnerability
Cisco Wireless LAN Controller Management Interface Authentication Bypass Vulnerability (CVE-2022-20695)
Cisco has released an advisory to address an authentication bypass vulnerability in the management interface of Cisco Wireless LAN Controller (WLC) software. This vulnerability allows an unauthenticated remote attacker to bypass authentication controls and log in to the device through the management interface. This vulnerability exists due to incorrect implementation of the password validation …
Critical Zabbix Web Frontend Authentication Bypass Vulnerability (CVE-2022-23131)
Researchers from SonarSource have discovered a critical severity vulnerability in Zabbix that allows an attacker to bypass authentication and execute arbitrary code on a targeted server. Zabbix is an open-source monitoring software program that can be used to track IT infrastructures like networks, servers, virtual machines, and cloud services. The vulnerability is tracked as …
CISA has released an alert for the Zoho ManageEngine ADSelfService Plus authentication bypass vulnerability exploited by APT actors (CVE-2021-40539)
CISA has released a joint advisory regarding the recently exploited vulnerability in Zoho’s ManageEngine ADSelfService Plus. The advisory urges users to upgrade their tools, as APT attackers are aggressively exploiting a recently identified vulnerability. The FBI, the United States Coast Guard Cyber Command (CGCYBER), and the Cybersecurity and Infrastructure Security Agency (CISA) collaborated on this joint advisory to highlight the cyber threat …