Published: 02/11/2020 | Last Updated : 02/11/2020 MITRE CVE-2020-0688 “A remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time. Knowledge of a the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, […]
Published by Apache: 2020-02-24 MITRE CVE-2020-3158 “When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may […]
This blog post is a short summary of this week’s Information Security News put together by SecOps team. Basefarm have started to publish vulnerability bulletin in the blog posts, feel free to share this with our customers: https://blog.basefarm.com/blog/category/security-blog/vuln-bullet/feed/ Top 3 Security News: CVE-2020-0618 | Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability Critical […]
Published by Cisco: 2020-02-19 MITRE CVE-2020-3158 “A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account.” The vulnerability has a CVSS Base score of 9.8, Critical. Basefarm has triaged this vulnerability and found […]
Published by VMware: 2020-02-18 MITRE CVE-2020-3943 “vRealize Operations for Horizon Adapter uses a JMX RMI service which is not securely configured. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.0.” “vRealize Operations for Horizon Adapter has an improper trust store configuration […]
Published by Wordfence: 2020-02-18 No known CVE “This flaw allows attackers to remotely execute code on a site with the plugin installed, including the ability to execute code that can inject administrative user accounts. This vulnerability has not yet been patched. We are only trying to get the word out so people can remove the […]
Published by Microsoft: 02/11/2020 MITRE CVE-2020-0618 “A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests. An attacker who successfully exploited this vulnerability could execute code in the context of the Report Server service account.” There exists a proof of concept and write-up. Basefarm considers this a […]
“Researchers detail the process of finding two flaws in the Azure Stack architecture and Azure App Service, both of which have been patched.” “Check Point Research analysts who discovered two vulnerabilities in the Microsoft Azure cloud infrastructure have published the details of how these flaws were found and how attackers could potentially use them.” Read […]
This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). “What are the key considerations security decision makers should take into account when designing their 2020 breach protection?” 1,536 cybersecurity professionals has been asked that question and many other security related questions in Cynet’s […]
This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). The year 2020 started of by throwing out a bunch of new vulnerabilities that needed fixing. First it was the Citrix vulnerability in Application Delivery Controller and Gateway products, formerly known as netscaler. The […]
Photo by Chad Peltola on Unsplash
Photo by Bee Felten-Leidel on Unsplash
Photo by Evgeny Tchebotarev on Unsplash
Photo by Thomas Jensen on Unsplash
By Webaroo on Unsplash
https://unsplash.com/license