New Alerts for VMware, NetApp, Shibboleth, Samba, and Tenable.
VMware
vRealize Network Insight (vRNI) contains command injection and directory traversal vulnerabilities in the vRNI REST API. A remote attacker can execute commands and read arbitrary files. Highest CVSSv3 score of 9.8.
More info.
VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. A remote attacker can obtain system information due to an unauthenticated endpoint. CVSSv3 score of 5.3.
More info.
NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8. Only 1 has patches.
More info.
Older releases of the Shibboleth Identity Provider and OpenSAML-Java library are potentially vulnerable to attacks ranging from DoS to RCE when given specially crafted encrypted XML to decrypt. Some decryption use cases include unauthenticated message processing, so they are widely accessible.
More info.
Samba has published several bulletins addressing vulnerabilities in rc4-hmac in Kerberos.
More info.
Tenable.ad uses Erlang, which was found to contain vulnerabilities. CVSSv3 score of 9.8.
More info.