![]() ![]() ![]() Bitdefender Unified Endpoint versions prior to 6.2.21.160. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.6.27.390 versions prior to 7.1.2.33. Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. ![]() This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop. While the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. The supported version that is affected is 5.6. Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). Successful attacks of this vulnerability can result in takeover of Hyperion Analytic Provider Services. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Analytic Provider Services, attacks may significantly impact additional products. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Analytic Provider Services. Supported versions that are affected are Hyperion Analytic Provider Services 11.1.2.4 and 12.2.1.4, and Essbase Analytic Provider Services 21.2. Let us know your thoughts in the comments.Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: JAPI) and Essbase Analytic Provider Services product of Oracle Essbase (component: JAPI). Since the patches are out with the latest releases, users must ensure updating their systems with the newest client versions. Consequently, the respective vendors started developing and releasing fixes to address the matter. Patches Releasedįollowing this discovery, the researchers reached out to Eltima, Amazon, and other vulnerable entities. This includes gaining access to unpatched machines and spreading laterally on the target network. ![]() In the case of organizations, such attacks could have even more devastating consequences. Since it also involves remote desktops, exploiting the bugs would also affect remote systems. Exploiting the bugs could allow privilege escalation, ultimately allowing an attacker to meddle with the target system, disable security programs, overwrite system components, and more. The same product, with some modifications, is used by Amazon WorkSpaces to enable its users to redirect USB devices to their remote desktop, allowing them to connect devices such as USB webcams to Zoom calls directly from the remote desktop.Īs elaborated in their report, these vulnerabilities affect cloud service consumers as well. Eltima develops a product called “USB Over Ethernet”, which enables remote USB redirection. The WSP protocol consists of several libraries, some of which are provided by 3rd parties. Regarding how Workspaces utilize Eltima SDK, the researchers explained, However, the researchers only validated their findings for AWS Workspaces. Consequently, the vulnerable providers include Amazon Workspaces, NoMachine, Accops, and others. The vulnerabilities specifically originated from a specific library that many cloud providers use. These flaws typically existed in the Eltima SDK providing USB over ethernet capability to many cloud services. Researchers from Sentinel Labs found multiple security flaws affecting cloud services. These include the popular Amazon (AWS) Workspaces, NoMachine, and more. Multiple security flaws affected USB over Ethernet, which, in turn, affected numerous cloud services. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |