Security News > 2024 > January > Patch now: Critical VMware, Atlassian flaws found
VMware and Atlassian today disclosed critical vulnerabilities and, while neither appear to have been exploited by miscreants yet, admins should patch now to avoid disappointment.
The solution: "Immediately" patch each affected installation by updating to the latest available version, according to the vendor.
Atlassian also released fixes for a high-severity flaw was found in the FasterXML Jackson Databind code used in versions 8.20.0, 9.4.0, 9.5.0, and 9.6.0 of Jira Software Data Center and Server.
Moving on to the critical VMware bug, CVE-2023-34063.
Luckily this one also has a fix, so upgrade to VMware Aria Automation 8.16, and then apply the patch.
As the virtualization giant notes: "The only supported upgrade path after applying the patch is to version 8.16. VMware strongly recommends this version. If you upgrade to an intermediate version, the vulnerability will be reintroduced, requiring an additional round of patching."
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/16/patch_vmware_atlassian/
Related news
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)
- Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-16 | CVE-2023-34063 | Missing Authorization vulnerability in VMWare Aria Automation and Cloud Foundation Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows. | 8.3 |