Aplica estos parches de seguridad en Sage CRM para corregir vulnerabilidades
Fecha 09/02/2024
Importancia 4 - Alta
Recursos Afectados
Sage CRM 2021, versiones anteriores a R2.5.
Sage CRM 2022, versiones anteriores a R2.4.
Sage CRM 2023, versiones anteriores a R2.2.
Descripción
Se han lanzado tres parches para Sage CRM que corrigen vulnerabilidades y proporcionan una mejora de seguridad. Las vulnerabilidades corregidas podrían permitir a un ciberdelincuente realizar ataques de inyección SQL.
Solución
Se recomienda aplicar los parches lo antes posible:
Sage CRM 2021 R2.5
Sage CRM 2022 R2.4
Sage CRM 2023 R2.2
Mejoras que incluyen los parches:
Apache Solr se ha actualizado a la versión 8.
Se ha proporcionado mitigación para prevenir ataques de inyección SQL dentro de ciertos campos.
Se ha corregido un error que se producía cuando un usuario cargaba un archivo, cuyo nombre contenía un signo “&” en Sage CRM.
Se ha incluido una nueva casilla de verificación que permite a los administradores del sistema habilitar o deshabilitar la opción de permitir URL externas en los gadgets de sitios web. Permitir URL externas puede hacer que los usuarios sean redirigidos a URL maliciosas, haciendo que Sage CRM sea menos seguro.
Con los ataques SQL los ciberdelincuentes pretenden acceder a las bases de datos de las empresas, con la intención de obtener información o provocar daños. Tanto en este como en otro tipo de ataques, es muy importante contar con un plan de respuesta ante incidentes que ayude a minimizar el impacto.
https://www.incibe.es/empresas/avisos/aplica-estos-parches-de-seguridad-en-sage-crm-para-corregir-vulnerabilidades
Fecha 09/02/2024
Importancia 4 - Alta
Recursos Afectados
Sage CRM 2021, versiones anteriores a R2.5.
Sage CRM 2022, versiones anteriores a R2.4.
Sage CRM 2023, versiones anteriores a R2.2.
Descripción
Se han lanzado tres parches para Sage CRM que corrigen vulnerabilidades y proporcionan una mejora de seguridad. Las vulnerabilidades corregidas podrían permitir a un ciberdelincuente realizar ataques de inyección SQL.
Solución
Se recomienda aplicar los parches lo antes posible:
Sage CRM 2021 R2.5
Sage CRM 2022 R2.4
Sage CRM 2023 R2.2
Mejoras que incluyen los parches:
Apache Solr se ha actualizado a la versión 8.
Se ha proporcionado mitigación para prevenir ataques de inyección SQL dentro de ciertos campos.
Se ha corregido un error que se producía cuando un usuario cargaba un archivo, cuyo nombre contenía un signo “&” en Sage CRM.
Se ha incluido una nueva casilla de verificación que permite a los administradores del sistema habilitar o deshabilitar la opción de permitir URL externas en los gadgets de sitios web. Permitir URL externas puede hacer que los usuarios sean redirigidos a URL maliciosas, haciendo que Sage CRM sea menos seguro.
Con los ataques SQL los ciberdelincuentes pretenden acceder a las bases de datos de las empresas, con la intención de obtener información o provocar daños. Tanto en este como en otro tipo de ataques, es muy importante contar con un plan de respuesta ante incidentes que ayude a minimizar el impacto.
https://www.incibe.es/empresas/avisos/aplica-estos-parches-de-seguridad-en-sage-crm-para-corregir-vulnerabilidades
www.incibe.es
Aplica estos parches de seguridad en Sage CRM para corregir vulnerabilidades
Se han lanzado tres parches para Sage CRM que corrigen vulnerabilidades y proporcionan una mejora de s
Critical Security Issue Affecting TeamCity On-Premises (CVE-2024-23917) – Update to 2023.11.3 Now
https://blog.jetbrains.com/teamcity/2024/02/critical-security-issue-affecting-teamcity-on-premises-cve-2024-23917/
https://blog.jetbrains.com/teamcity/2024/02/critical-security-issue-affecting-teamcity-on-premises-cve-2024-23917/
The JetBrains Blog
Critical Security Issue Affecting TeamCity On-Premises (CVE-2024-23917) – Update to 2023.11.3 Now | The TeamCity Blog
Summary A critical security vulnerability was identified in TeamCity On-Premises (initially discovered and reported by an external security researcher on January 19, 2024). This critical securi
FortiOS - Out-of-bound Write in sslvpnd
IR Number FG-IR-24-015
Date Feb 8, 2024
Severity Critical
CVSSv3 Score 9.6
Impact Execute unauthorized code or commands
CVE ID CVE-2024-21762
https://www.fortiguard.com/psirt/FG-IR-24-015
IR Number FG-IR-24-015
Date Feb 8, 2024
Severity Critical
CVSSv3 Score 9.6
Impact Execute unauthorized code or commands
CVE ID CVE-2024-21762
https://www.fortiguard.com/psirt/FG-IR-24-015
FortiGuard Labs
PSIRT | FortiGuard Labs
None
FortiOS - Format String Bug in fgfmd
IR Number FG-IR-24-029
Date Feb 8, 2024
Severity Critical
CVSSv3 Score 9.8
Impact Execute unauthorized code or commands
CVE ID CVE-2024-23113
https://www.fortiguard.com/psirt/FG-IR-24-029
IR Number FG-IR-24-029
Date Feb 8, 2024
Severity Critical
CVSSv3 Score 9.8
Impact Execute unauthorized code or commands
CVE ID CVE-2024-23113
https://www.fortiguard.com/psirt/FG-IR-24-029
FortiGuard Labs
PSIRT | FortiGuard Labs
None
Actualización de seguridad de SAP de febrero de 2024
Fecha 14/02/2024
Importancia 5 - Crítica
Recursos Afectados
SAP ABA (Application Basis), versiones: 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I.
SAP NetWeaver AS Java (User Admin Application), versión 7.50.
SAP CRM WebClient UI, versiones: S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801.
IDES Systems, todas las versiones.
El resto de productos afectados por vulnerabilidades, no críticas y altas, se pueden consultar en las referencias.
Descripción
SAP ha publicado varias actualizaciones de seguridad en diferentes productos en su comunicado mensual.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/actualizacion-de-seguridad-de-sap-de-febrero-de-2024
Fecha 14/02/2024
Importancia 5 - Crítica
Recursos Afectados
SAP ABA (Application Basis), versiones: 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I.
SAP NetWeaver AS Java (User Admin Application), versión 7.50.
SAP CRM WebClient UI, versiones: S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801.
IDES Systems, todas las versiones.
El resto de productos afectados por vulnerabilidades, no críticas y altas, se pueden consultar en las referencias.
Descripción
SAP ha publicado varias actualizaciones de seguridad en diferentes productos en su comunicado mensual.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/actualizacion-de-seguridad-de-sap-de-febrero-de-2024
www.incibe.es
Actualización de seguridad de SAP de febrero de 2024
SAP ha publicado varias actualizaciones de seguridad en diferentes productos en su comunicado mensual.
Múltiples vulnerabilidades en BIND 9
Fecha 14/02/2024
Importancia 4 - Alta
Recursos Afectados
Versiones de BIND:
desde 9.0.0 hasta 9.16.46;
desde 9.16.0 hasta 9.16.45;
desde 9.12.0 hasta 9.16.45;
desde 9.18.0 hasta 9.18.22;
desde 9.19.0 hasta 9.19.20.
Versiones de BIND Supported Preview Edition:
desde 9.9.3-S1 hasta 9.16.46-S1;
desde 9.16.8-S1 hasta 9.16.45-S1;
desde 9.18.11-S1 hasta 9.18.22-S1.
Descripción
ICS BIND ha notificado 6 vulnerabilidades de severidad alta que afectan a BIND 9. Un atacante podría explotar estas vulnerabilidades para provocar una denegación de servicio.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-bind-9-0
Fecha 14/02/2024
Importancia 4 - Alta
Recursos Afectados
Versiones de BIND:
desde 9.0.0 hasta 9.16.46;
desde 9.16.0 hasta 9.16.45;
desde 9.12.0 hasta 9.16.45;
desde 9.18.0 hasta 9.18.22;
desde 9.19.0 hasta 9.19.20.
Versiones de BIND Supported Preview Edition:
desde 9.9.3-S1 hasta 9.16.46-S1;
desde 9.16.8-S1 hasta 9.16.45-S1;
desde 9.18.11-S1 hasta 9.18.22-S1.
Descripción
ICS BIND ha notificado 6 vulnerabilidades de severidad alta que afectan a BIND 9. Un atacante podría explotar estas vulnerabilidades para provocar una denegación de servicio.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-bind-9-0
www.incibe.es
Múltiples vulnerabilidades en BIND 9
ICS BIND ha notificado 6 vulnerabilidades de severidad alta que afectan a BIND 9.
Múltiples vulnerabilidades en productos Adobe, ¡actualiza!
Fecha 14/02/2024
Importancia 5 - Crítica
Recursos Afectados
Adobe Commerce, versiones 2.4.6-p3, 2.4.5-p5, 2.4.4-p6, 2.4.3-ext-5, 2.4.2-ext-5, 2.4.1-ext-5, 2.4.0-ext-5, 2.3.7-p4-ext-5 y anteriores.
Magento Open Source, versiones 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 y anteriores.
Acrobat DC y Acrobat Reader DC, versiones 23.008.20470 y anteriores.
Acrobat 2020 y Acrobat Reader 2020, versiones 20.005.30539 y anteriores.
Descripción
Adobe ha publicado actualizaciones de seguridad para Adobe Commerce y Magento Open Source, junto con Adobe Acrobat y Reader, para Windows y macOS, que corrigen vulnerabilidades críticas, importantes y moderadas.
Estas vulnerabilidades, de ser explotadas exitosamente, podrían provocar la ejecución de código arbitrario, la omisión de características de seguridad, la denegación de servicio de aplicaciones y la fuga de memoria.
https://www.incibe.es/empresas/avisos/multiples-vulnerabilidades-en-productos-adobe-actualiza
Fecha 14/02/2024
Importancia 5 - Crítica
Recursos Afectados
Adobe Commerce, versiones 2.4.6-p3, 2.4.5-p5, 2.4.4-p6, 2.4.3-ext-5, 2.4.2-ext-5, 2.4.1-ext-5, 2.4.0-ext-5, 2.3.7-p4-ext-5 y anteriores.
Magento Open Source, versiones 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 y anteriores.
Acrobat DC y Acrobat Reader DC, versiones 23.008.20470 y anteriores.
Acrobat 2020 y Acrobat Reader 2020, versiones 20.005.30539 y anteriores.
Descripción
Adobe ha publicado actualizaciones de seguridad para Adobe Commerce y Magento Open Source, junto con Adobe Acrobat y Reader, para Windows y macOS, que corrigen vulnerabilidades críticas, importantes y moderadas.
Estas vulnerabilidades, de ser explotadas exitosamente, podrían provocar la ejecución de código arbitrario, la omisión de características de seguridad, la denegación de servicio de aplicaciones y la fuga de memoria.
https://www.incibe.es/empresas/avisos/multiples-vulnerabilidades-en-productos-adobe-actualiza
www.incibe.es
Múltiples vulnerabilidades en productos Adobe, ¡actualiza!
Adobe ha publicado actualizaciones de seguridad para Adobe Commerce y Magento Open Source, junto con A
ESET Patches High-Severity Privilege Escalation Vulnerability
ESET has released patches for a high-severity elevation of privilege vulnerability in its Windows security products.
https://www.securityweek.com/eset-patches-high-severity-privilege-escalation-vulnerability/
ESET has released patches for a high-severity elevation of privilege vulnerability in its Windows security products.
https://www.securityweek.com/eset-patches-high-severity-privilege-escalation-vulnerability/
SecurityWeek
ESET Patches High-Severity Privilege Escalation Vulnerability
ESET has released patches for a high-severity elevation of privilege vulnerability in its Windows security products.
VMSA-2024-0004
CVSSv3 Range: 6.7
Issue Date: 2024-02-20
CVE(s): CVE-2024-22235
Synopsis:
VMware Aria Operations updates address local privilege escalation vulnerability. (CVE-2024-22235)
Impacted Products
VMware Aria Operations (formerly vRealize Operations)
VMware Cloud Foundation (VMware Aria Operations)
Introduction
A local privilege escalation vulnerability affecting Aria Operations was responsibly reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.
https://www.vmware.com/security/advisories/VMSA-2024-0004.html
CVSSv3 Range: 6.7
Issue Date: 2024-02-20
CVE(s): CVE-2024-22235
Synopsis:
VMware Aria Operations updates address local privilege escalation vulnerability. (CVE-2024-22235)
Impacted Products
VMware Aria Operations (formerly vRealize Operations)
VMware Cloud Foundation (VMware Aria Operations)
Introduction
A local privilege escalation vulnerability affecting Aria Operations was responsibly reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.
https://www.vmware.com/security/advisories/VMSA-2024-0004.html
VMSA-2024-0003
CVSSv3 Range: 9.6 - 7.8
Issue Date: 2024-02-20
CVE(s): CVE-2024-22245, CVE-2024-22250
Synopsis:
Addressing Arbitrary Authentication Relay and Session Hijack Vulnerabilities in Deprecated VMware Enhanced Authentication Plug-in (EAP) (CVE-2024-22245, CVE-2024-22250)
Impacted Products
VMware Enhanced Authentication Plug-in (EAP)
Introduction
Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) were responsibly reported to VMware. Guidance is available on removing this deprecated component from impacted environments.
https://www.vmware.com/security/advisories/VMSA-2024-0003.html
CVSSv3 Range: 9.6 - 7.8
Issue Date: 2024-02-20
CVE(s): CVE-2024-22245, CVE-2024-22250
Synopsis:
Addressing Arbitrary Authentication Relay and Session Hijack Vulnerabilities in Deprecated VMware Enhanced Authentication Plug-in (EAP) (CVE-2024-22245, CVE-2024-22250)
Impacted Products
VMware Enhanced Authentication Plug-in (EAP)
Introduction
Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) were responsibly reported to VMware. Guidance is available on removing this deprecated component from impacted environments.
https://www.vmware.com/security/advisories/VMSA-2024-0003.html
ScreenConnect critical bug now under attack as exploit code emerges
Both technical details and proof-of-concept exploits are available for the two vulnerabilities ConnectWise disclosed earlier this week for ScreenConnect, its remote desktop and access software.
A day after the vendor published the security issues, attackers started leveraging them in attacks.
CISA has assigned CVE-2024-1708 and CVE-2024-1709 identifiers to the the two security issues, which the vendor assessed as a maximum severity authentication bypass and a high-severity path traversal flaw that impact ScreenConnect servers 23.9.7 and earlier.
https://www.bleepingcomputer.com/news/security/screenconnect-critical-bug-now-under-attack-as-exploit-code-emerges/
Both technical details and proof-of-concept exploits are available for the two vulnerabilities ConnectWise disclosed earlier this week for ScreenConnect, its remote desktop and access software.
A day after the vendor published the security issues, attackers started leveraging them in attacks.
CISA has assigned CVE-2024-1708 and CVE-2024-1709 identifiers to the the two security issues, which the vendor assessed as a maximum severity authentication bypass and a high-severity path traversal flaw that impact ScreenConnect servers 23.9.7 and earlier.
https://www.bleepingcomputer.com/news/security/screenconnect-critical-bug-now-under-attack-as-exploit-code-emerges/
BleepingComputer
ScreenConnect critical bug now under attack as exploit code emerges
Both technical details and proof-of-concept exploits are available for the two vulnerabilities ConnectWise disclosed earlier this week for ScreenConnect, its remote desktop and access software.
WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites
A critical security flaw has been disclosed in a popular WordPress plugin called Ultimate Member that has more than 200,000 active installations.
The vulnerability, tracked as CVE-2024-1071, carries a CVSS score of 9.8 out of a maximum of 10. Security researcher Christiaan Swiers has been credited with discovering and reporting the flaw.
https://thehackernews.com/2024/02/wordpress-plugin-alert-critical-sqli.html
A critical security flaw has been disclosed in a popular WordPress plugin called Ultimate Member that has more than 200,000 active installations.
The vulnerability, tracked as CVE-2024-1071, carries a CVSS score of 9.8 out of a maximum of 10. Security researcher Christiaan Swiers has been credited with discovering and reporting the flaw.
https://thehackernews.com/2024/02/wordpress-plugin-alert-critical-sqli.html
(Update) Zyxel security advisory for the remote code execution vulnerability of NAS and firewall products
CVE: CVE-2020-9054
Summary
Zyxel NAS (Network Attached Storage) and firewall products are affected by a remote code execution vulnerability. Users are advised to install the standard firmware patches or follow the workaround immediately for optimal protection.
What is the vulnerability?
A remote code execution vulnerability was identified in the weblogin.cgi program used in Zyxel NAS and firewall products. Missing authentication for the program could allow attackers to perform remote code execution via OS command injection.
https://www.zyxel.com/global/en/support/security-advisories/update-zyxel-security-advisory-for-the-remote-code-execution-vulnerability-of-nas-and-firewall-products
CVE: CVE-2020-9054
Summary
Zyxel NAS (Network Attached Storage) and firewall products are affected by a remote code execution vulnerability. Users are advised to install the standard firmware patches or follow the workaround immediately for optimal protection.
What is the vulnerability?
A remote code execution vulnerability was identified in the weblogin.cgi program used in Zyxel NAS and firewall products. Missing authentication for the program could allow attackers to perform remote code execution via OS command injection.
https://www.zyxel.com/global/en/support/security-advisories/update-zyxel-security-advisory-for-the-remote-code-execution-vulnerability-of-nas-and-firewall-products
Zyxel
(Update) Zyxel security advisory for the remote code execution vulnerability of NAS and firewall products | Zyxel Networks
CVE: CVE-2020-9054 Summary Zyxel NAS (Network Attached Storage) and firewall products are affected by a remote code execution vulnerability. Users are advised to install the standard firmware patches or follow the workaround immediately for optimal protection.…
VMSA-2024-0005
CVSSv3 Range: 5.9
Issue Date: 2024-02-27
CVE(s): CVE-2024-22251
Synopsis:
VMware Workstation and Fusion updates address an out-of-bounds read vulnerability (CVE-2024-22251)
Impacted Products
VMware Workstation Pro / Player (Workstation)
VMware Fusion
Introduction
An out-of-bounds read vulnerability in VMware Workstation and Fusion was privately reported to VMware. Updates are available to remediate this vulnerability in the affected VMware products.
https://www.vmware.com/security/advisories/VMSA-2024-0005.html
CVSSv3 Range: 5.9
Issue Date: 2024-02-27
CVE(s): CVE-2024-22251
Synopsis:
VMware Workstation and Fusion updates address an out-of-bounds read vulnerability (CVE-2024-22251)
Impacted Products
VMware Workstation Pro / Player (Workstation)
VMware Fusion
Introduction
An out-of-bounds read vulnerability in VMware Workstation and Fusion was privately reported to VMware. Updates are available to remediate this vulnerability in the affected VMware products.
https://www.vmware.com/security/advisories/VMSA-2024-0005.html
Ejecución remota de código en Azure de Microsoft
Fecha 27/02/2024
Importancia 5 - Crítica
Recursos Afectados
MCR VSTS CLI para Microsoft Azure
Descripción
Nitesh Surana (@_niteshsurana) de Trend Micro Research, ha notificado una vulnerabilidad de severidad crítica que podría permitir a un atacante remoto ejecutar código arbitrario.
Solución
Microsoft ha publicado una actualización para corregir esta vulnerabilidad.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/ejecucion-remota-de-codigo-en-azure-de-microsoft
Fecha 27/02/2024
Importancia 5 - Crítica
Recursos Afectados
MCR VSTS CLI para Microsoft Azure
Descripción
Nitesh Surana (@_niteshsurana) de Trend Micro Research, ha notificado una vulnerabilidad de severidad crítica que podría permitir a un atacante remoto ejecutar código arbitrario.
Solución
Microsoft ha publicado una actualización para corregir esta vulnerabilidad.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/ejecucion-remota-de-codigo-en-azure-de-microsoft
www.incibe.es
Ejecución remota de código en Azure de Microsoft
Nitesh Surana (@_niteshsurana) de Trend Micro Research, ha notificado una vulnerabilidad de severidad
Múltiples vulnerabilidades en Secure Analytics de Juniper
Fecha 29/02/2024
Importancia 5 - Crítica
Recursos Afectados
Estos problemas afectan a Juniper Networks Juniper Secure Analytics en todas las versiones anteriores a 7.5.0 UP7.
Descripción
Juniper ha publicado 14 vulnerabilidades de las cuales 2 de ellas son de severidad crítica y el resto altas y medias.
Solución
Actualizar a Juniper Secure Analytics en 7.5.0 UP7 IF05 a una versión posterior.
Las actualizaciones de software están disponibles para descargar en https://support.juniper.net/support/downloads/
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-secure-analytics-de-juniper
Fecha 29/02/2024
Importancia 5 - Crítica
Recursos Afectados
Estos problemas afectan a Juniper Networks Juniper Secure Analytics en todas las versiones anteriores a 7.5.0 UP7.
Descripción
Juniper ha publicado 14 vulnerabilidades de las cuales 2 de ellas son de severidad crítica y el resto altas y medias.
Solución
Actualizar a Juniper Secure Analytics en 7.5.0 UP7 IF05 a una versión posterior.
Las actualizaciones de software están disponibles para descargar en https://support.juniper.net/support/downloads/
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-secure-analytics-de-juniper
www.incibe.es
Múltiples vulnerabilidades en Secure Analytics de Juniper
Juniper ha publicado 14 vulnerabilidades de las cuales 2 de ellas son de severidad crítica y el resto
VMSA-2024-0006.1
CVSSv3 Range: 7.1-9.3
Issue Date: 2024-03-05
CVE(s): CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255
Synopsis:
VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255)
Impacted Products
VMware ESXi
VMware Workstation Pro / Player (Workstation)
VMware Fusion Pro / Fusion (Fusion)
VMware Cloud Foundation (Cloud Foundation)
Introduction
Multiple vulnerabilities in VMware ESXi, Workstation, and Fusion were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
The individual vulnerabilities documented on this VMSA for ESXi have severity Important but combining these issues will result in Critical severity.
https://www.vmware.com/security/advisories/VMSA-2024-0006.html
CVSSv3 Range: 7.1-9.3
Issue Date: 2024-03-05
CVE(s): CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255
Synopsis:
VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255)
Impacted Products
VMware ESXi
VMware Workstation Pro / Player (Workstation)
VMware Fusion Pro / Fusion (Fusion)
VMware Cloud Foundation (Cloud Foundation)
Introduction
Multiple vulnerabilities in VMware ESXi, Workstation, and Fusion were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
The individual vulnerabilities documented on this VMSA for ESXi have severity Important but combining these issues will result in Critical severity.
https://www.vmware.com/security/advisories/VMSA-2024-0006.html
VMSA-2024-0006.1
CVSSv3 Range: 7.1-9.3
Issue Date: 2024-03-05
CVE(s):CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255
Synopsis:
VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255)
Impacted Products
VMware ESXi
VMware Workstation Pro / Player (Workstation)
VMware Fusion Pro / Fusion (Fusion)
VMware Cloud Foundation (Cloud Foundation)
Introduction
Multiple vulnerabilities in VMware ESXi, Workstation, and Fusion were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
The individual vulnerabilities documented on this VMSA for ESXi have severity Important but combining these issues will result in Critical severity.
https://www.vmware.com/security/advisories/VMSA-2024-0006.html
CVSSv3 Range: 7.1-9.3
Issue Date: 2024-03-05
CVE(s):CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255
Synopsis:
VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255)
Impacted Products
VMware ESXi
VMware Workstation Pro / Player (Workstation)
VMware Fusion Pro / Fusion (Fusion)
VMware Cloud Foundation (Cloud Foundation)
Introduction
Multiple vulnerabilities in VMware ESXi, Workstation, and Fusion were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
The individual vulnerabilities documented on this VMSA for ESXi have severity Important but combining these issues will result in Critical severity.
https://www.vmware.com/security/advisories/VMSA-2024-0006.html
Múltiples vulnerabilidades 0day en productos de Apple
Fecha 06/03/2024
Importancia 5 - Crítica
Recursos Afectados
iOS 16.7.6 y iPadOS 16.7.6
iOS 17.4 y iPadOS 17.4
Descripción
Apple ha publicado 4 vulnerabilidades, 2 de ellas de tipo 0day, que podrían permitir a un atacante eludir las protecciones de la memoria del kernel.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-0day-en-productos-de-apple-1
Fecha 06/03/2024
Importancia 5 - Crítica
Recursos Afectados
iOS 16.7.6 y iPadOS 16.7.6
iOS 17.4 y iPadOS 17.4
Descripción
Apple ha publicado 4 vulnerabilidades, 2 de ellas de tipo 0day, que podrían permitir a un atacante eludir las protecciones de la memoria del kernel.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-0day-en-productos-de-apple-1
www.incibe.es
[Actualización 08/03/2024] Múltiples vulnerabilidades 0day en productos de Apple
Apple ha publicado 4 vulnerabilidades, 2 de ellas de tipo 0day, que podrían permitir a un atacante elu
VMSA-2024-0007
CVSSv3 Range: 4.3
Issue Date: 2024-03-07
CVE(s): CVE-2024-22256
Synopsis:
VMware Cloud Director updates address a partial information disclosure vulnerability (CVE-2024-22256).
Impacted Products
VMware Cloud Director
Introduction
A partial information disclosure vulnerability in VMware Cloud Director was privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
https://www.vmware.com/security/advisories/VMSA-2024-0007.html
CVSSv3 Range: 4.3
Issue Date: 2024-03-07
CVE(s): CVE-2024-22256
Synopsis:
VMware Cloud Director updates address a partial information disclosure vulnerability (CVE-2024-22256).
Impacted Products
VMware Cloud Director
Introduction
A partial information disclosure vulnerability in VMware Cloud Director was privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
https://www.vmware.com/security/advisories/VMSA-2024-0007.html