This is the first post in a series on security vulnerabilities that we will explore week by week.
This week Java is featured, as it has been receiving a lot of attention since the beginning of the year.
Read the related blogs:
- Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18
- Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1, 22.0.0.
POC Available – Patched since 19/4/22
Old but not old – still the Spring Framework
Remote code execution (RCE) vulnerability tracked as CVE-2010-1622.
CVE-2022-0540 carries a severity rating of 9.9.
More specifically, the following versions are impacted:
- Jira Core Server, Jira Software Server and Jira Software Data Center before 8.13.18; 8.14.x, 8.15.x, 8.16.x, 8.17.x, 8.18.x and 8.19.x; 8.20.x before 8.20.6; and 8.21.x.
- Jira Service Management Server and Jira Service Management Data Center before 4.13.18; 4.14.x, 4.15.x, 4.16.x, 4.17.x, 4.18.x and 4.19.x; 4.20.x before 4.20.6; and 4.21.x.
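The affected-version list above is easy to misread when the same minor line appears both as "x.20.x before x.20.6" and next to fully affected lines. The following is an added example, not code from the original post or from Atlassian: it transcribes the ranges exactly as listed above into half-open intervals and checks an inventory against them. The product keys `jira` / `jsm`, the function names and the sample inventory are my own assumptions; versions not in the listed ranges are reported as "not in affected list" rather than "safe", because the list above says nothing about them.

```python
"""Check Jira Server / Data Center versions against the CVE-2022-0540
affected-version list as reproduced above.

Added example; not the original post's or Atlassian's code. Product keys,
function names and the sample inventory are hypothetical.
"""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'8.20.6' -> (8, 20, 6). A build suffix after '-' (e.g. '8.20.6-rc1') is dropped."""
    core = text.strip().split("-", 1)[0]
    if not core:
        raise ValueError(f"empty version string: {text!r}")
    return tuple(int(part) for part in core.split("."))


# Affected ranges transcribed from the list above, as half-open intervals
# [lo, hi): lo inclusive, hi exclusive. Python tuple comparison gives the
# intended semantics: (8, 19, 99) < (8, 20) and (8, 20, 0) >= (8, 20).
AFFECTED: Dict[str, List[Tuple[str, Version, Version]]] = {
    # Jira Core Server, Jira Software Server, Jira Software Data Center
    "jira": [
        ("before 8.13.18", (0,), (8, 13, 18)),
        ("8.14.x through 8.19.x", (8, 14), (8, 20)),
        ("8.20.x before 8.20.6", (8, 20), (8, 20, 6)),
        ("8.21.x", (8, 21), (8, 22)),
    ],
    # Jira Service Management Server and Data Center
    "jsm": [
        ("before 4.13.18", (0,), (4, 13, 18)),
        ("4.14.x through 4.19.x", (4, 14), (4, 20)),
        ("4.20.x before 4.20.6", (4, 20), (4, 20, 6)),
        ("4.21.x", (4, 21), (4, 22)),
    ],
}


def matching_range(product: str, version: str) -> Optional[str]:
    """Return the advisory line the version falls under, or None if it is
    outside every listed range (not affected according to the list above)."""
    if product not in AFFECTED:
        raise ValueError(f"unknown product {product!r}; expected one of {sorted(AFFECTED)}")
    v = parse_version(version)
    for label, lo, hi in AFFECTED[product]:
        if lo <= v < hi:
            return label
    return None


def is_affected(product: str, version: str) -> bool:
    return matching_range(product, version) is not None


if __name__ == "__main__":
    # Constructed sample inventory (hostname, product key, version); not real hosts.
    inventory = [
        ("jira-prod-1", "jira", "8.13.17"),
        ("jira-prod-2", "jira", "8.20.6"),
        ("jira-dev", "jira", "8.21.1"),
        ("jsm-prod", "jsm", "4.20.3"),
    ]
    for host, product, version in inventory:
        hit = matching_range(product, version)
        status = f"AFFECTED ({hit})" if hit else "not in affected list"
        print(f"{host:12} {product:5} {version:9} {status}")
```

Two caveats when using this against a real estate: the "before 8.13.18" line as written covers every earlier release, including 8.0 to 8.12 and anything older, so those show up as affected; and the list does not state a fixed version for the 8.14.x to 8.19.x lines, so the check only tells you that you are inside a listed range, not which upgrade target to pick.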
A vulnerability in Cisco Umbrella Virtual Appliance (VA) allows unauthenticated attackers to steal admin credentials remotely.
Fraser Hess of Pinnacol Assurance found the flaw (tracked as CVE-2022-20773) in the key-based SSH authentication mechanism of Cisco Umbrella VA.
Cisco says, however, that the SSH service is not enabled by default on Umbrella on-premise virtual machines, which significantly lowers the vulnerability's overall impact.
The three high-severity Cisco vulnerabilities this week:
- CVE-2022-20783 (CVSS score: 7.5) affects Cisco TelePresence Collaboration Endpoint (CE).
- CVE-2022-20773 (CVSS score: 7.5) is the Cisco Umbrella VA SSH flaw described above.
- CVE-2022-20732 (CVSS score: 7.8) is a privilege escalation in Cisco Virtualized Infrastructure Manager.
More details: https://tools.cisco.com/security/center/publicationListing.x