Security News > 2024 > January > Patch now: Critical VMware, Atlassian flaws found
VMware and Atlassian today disclosed critical vulnerabilities and, while neither appear to have been exploited by miscreants yet, admins should patch now to avoid disappointment.
The solution: "Immediately" patch each affected installation by updating to the latest available version, according to the vendor.
Atlassian also released fixes for a high-severity flaw was found in the FasterXML Jackson Databind code used in versions 8.20.0, 9.4.0, 9.5.0, and 9.6.0 of Jira Software Data Center and Server.
Moving on to the critical VMware bug, CVE-2023-34063.
Luckily this one also has a fix, so upgrade to VMware Aria Automation 8.16, and then apply the patch.
As the virtualization giant notes: "The only supported upgrade path after applying the patch is to version 8.16. VMware strongly recommends this version. If you upgrade to an intermediate version, the vulnerability will be reintroduced, requiring an additional round of patching."
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/16/patch_vmware_atlassian/
Related news
- VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation (source)
- March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V (source)
- Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug (source)
- Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-16 | CVE-2023-34063 | Missing Authorization vulnerability in VMWare Aria Automation and Cloud Foundation Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows. | 8.3 |