Information Disclosure Vulnerability

VMware Addresses Multiple Vulnerabilities in vCenter Server (CVE-2023-34048 & CVE-2023-34056)

Posted by Diksha Ojha on October 25, 2023January 22, 2024

VMware vCenter Server is vulnerable to out-of-bounds write (CVE-2023-34048) and partial information disclosure (CVE-2023-34056) vulnerabilities. Successful exploitation of the vulnerabilities may result in access to critical data and remote code execution. CISA has added the CVE-2023-34048 to its Known Exploited Vulnerabilities Catalog and requested users to patch it before February 12, 2024.

NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Multiple Vulnerabilities (CVE-2023-4966 & CVE-2023-4967) (CitrixBleed)

Posted by Diksha Ojha on October 12, 2023November 9, 2023

Citrix has released patches to address two vulnerabilities (CVE-2023-4966 & CVE-2023-4967) in NetScaler ADC and Gateway. CVE-2023-4966 has been rated as critical, with a CVSS score of 9.4. Successful exploitation of the vulnerability may lead to information disclosure. CVE-2023-4967 has a high severity rating and a CVSS score of 8.2. Successful exploitation of the vulnerability … Continue reading “NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Multiple Vulnerabilities (CVE-2023-4966 & CVE-2023-4967) (CitrixBleed)”

Cisco Patches Multiple Security Vulnerabilities in Catalyst SD-WAN Manager (CVE-2023-20034, CVE-2023-20252, CVE-2023-20253, CVE-2023-20254, & CVE-2023-20262)

Posted by Diksha Ojha on September 28, 2023September 29, 2023

Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, is vulnerable to multiple vulnerabilities. The vulnerabilities are tracked as CVE-2023-20034, CVE-2023-20252, CVE-2023-20253, CVE-2023-20254, & CVE-2023-20262, which have medium, high, and critical severities Successful exploitation of the vulnerabilities may allow an attacker to access an affected instance or cause a denial of service (DoS) condition.

VMware Patched Multiple Critical Vulnerabilities in Aria Operations for Networks (CVE-2023-20887, CVE-2023-20888, and CVE-2023-20889)

Posted by Diksha Ojha on June 15, 2023June 22, 2023

VMware has released a security advisory to address multiple critical vulnerabilities affecting Aria Operations for Networks (formerly vRealize Network Insight). CVE-2023-20887, CVE-2023-20888, and CVE-2023-20889 have been given Critical and Important Severity ratings with CVSS scores of 9.8, 9.1, and 8.8, respectively. Successful exploitation of these vulnerabilities may allow an attacker to perform command injection and/or … Continue reading “VMware Patched Multiple Critical Vulnerabilities in Aria Operations for Networks (CVE-2023-20887, CVE-2023-20888, and CVE-2023-20889)”

VMware Released Patch for Multiple Vulnerabilities in VMware vRealize Log Insight (CVE-2022-31704, CVE-2022-31706, CVE-2022-31710, & CVE-2022-31711)

Posted by Diksha Ojha on January 25, 2023April 12, 2023

VMware has released a security advisory to address multiple vulnerabilities in its vRealize Log Insight product. The vulnerabilities have CVSSv3 scores ranging from 5.3 to 9.8. The vulnerabilities are being tracked as CVE-2022-31706, CVE-2022-31704, CVE-2022-31710, and CVE-2022-31711. vRealize Log Insight is used by infrastructure and applications in any environment for intelligent log management. This … Continue reading “VMware Released Patch for Multiple Vulnerabilities in VMware vRealize Log Insight (CVE-2022-31704, CVE-2022-31706, CVE-2022-31710, & CVE-2022-31711)”