Security News > 2024 > January > Patch now: Critical VMware, Atlassian flaws found
VMware and Atlassian today disclosed critical vulnerabilities and, while neither appear to have been exploited by miscreants yet, admins should patch now to avoid disappointment.
The solution: "Immediately" patch each affected installation by updating to the latest available version, according to the vendor.
Atlassian also released fixes for a high-severity flaw was found in the FasterXML Jackson Databind code used in versions 8.20.0, 9.4.0, 9.5.0, and 9.6.0 of Jira Software Data Center and Server.
Moving on to the critical VMware bug, CVE-2023-34063.
Luckily this one also has a fix, so upgrade to VMware Aria Automation 8.16, and then apply the patch.
As the virtualization giant notes: "The only supported upgrade path after applying the patch is to version 8.16. VMware strongly recommends this version. If you upgrade to an intermediate version, the vulnerability will be reintroduced, requiring an additional round of patching."
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/16/patch_vmware_atlassian/
Related news
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- Progress urges admins to patch critical WhatsUp Gold bugs ASAP (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- VMware fixes critical RCE, make-me-root bugs in vCenter - for the second time (source)
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-16 | CVE-2023-34063 | Missing Authorization vulnerability in VMWare Aria Automation and Cloud Foundation Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows. | 8.3 |