New Alerts for VMware, NetApp, Shibboleth, Samba, and Tenable.

VMware 

vRealize Network Insight (vRNI) contain command injection and directory traversal vulnerabilities present in the vRNI REST API. A remote attacker can execute commands and read arbitrary files. Highest CVSSv3 score of 9.8
More info.

VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. A remote attacker can obtain system information due to an unauthenticated endpoint. CVSSv3 score of 5.3
More info.

NetApp 

NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8. Only 1 has patches.
More info.

Shibboleth 

Older releases of the Shibboleth Identity Provider and OpenSAML-Java library are potentially vulnerable to attacks ranging from DoS to RCE when given specially-crafted encrypted XML to decrypt. Some decryption use cases include unauthenticated message processing, so are widely accessible.
More info.

Samba 

Samba has published several bulletins addressing vulnerabilities in rc4-hmac in Kerberos.
More info.

Tenable 

Tenable.ad uses Erlang, which was found to contain vulnerabilities. CVSSv3 score of 9.8
More info.

Security Wizardry Cyber Threat Intelligence - The Radar Page


https://radar.securitywizardry.com/

Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page

A mobile version of our Security Wizardry Radar Page, providing vulnerability details and visibility for a variety of software and industries.
https://www.securitywizardry.com/mobile-radar.htm

SecurityWizardry.com - Vulnerability Details

Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries.
https://www.securitywizardry.com/index.php/the-radar-page/alert-details#alerts