
CND News and Blog

New Vulnerabilities Friday 08 July


New Alerts for Bently Nevada, Node.js, Santesoft, Rockwell Automation, F5, NetApp, and Linux.

Bently Nevada

Bently Nevada 3701/4X and 60M100 (3701/60) Condition Monitoring Systems contain vulnerabilities identified as OT:ICEFALL, including Use of Hard-coded Credentials and Missing Authentication. Highest CVSSv3 score of 9.1.
More info.

Node.js 

A security release is available that fixes 2 High and 5 Medium vulnerabilities. Highest CVSSv3 score of 9.6.
More info.

Santesoft 

Sante PACS Server contains a vulnerability that allows remote attackers to bypass authentication on affected installations. The specific flaw exists within the processing of calls to the login endpoint. When parsing the username element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to bypass authentication on the system. CVSSv3 score of 9.8.
More info.

Rockwell Automation 

Rockwell Automation was made aware that the X-Frame-Options header is not configured in the HTTP response, which allows potential clickjacking attacks. Exploitation of this vulnerability could potentially allow a malicious user to trick a legitimate user into using an untrusted website. If exploited, this vulnerability could lead to a loss of sensitive information, such as authentication credentials. CVSSv3 score of 6.5.
More info. And here.

F5 

Traffix SDC contains a vulnerability in Apache Tomcat that allows a remote attacker to compromise the affected system. CVSSv3 score of 8.6.
More info.

NetApp 

NetApp has published 10 new bulletins identifying vulnerabilities in third-party software that is included in their products. Four of them include patches.
More info.

Linux 

SUSE has updated rsyslog, crash, fwupd, and others. More info.
OpenSUSE has updated fwupd and others. More info.


