Security News

VMware patches critical vRealize Operations flaws that could lead to RCE
2021-04-01 10:16

Two vulnerabilities recently patched by VMware in its vRealize Operations platform can be chained together to achieve unauthenticated remote code execution on the underlying operating system, Positive Technologies researchers have found. There is no PoC currently available and no mention of the vulnerabilities being exploited in the wild.

Another Critical RCE Flaw Discovered in SolarWinds Orion Platform
2021-03-25 22:07

IT infrastructure management provider SolarWinds on Thursday released a new update to its Orion networking monitoring tool with fixes for four security vulnerabilities, counting two weaknesses that could be exploited by an authenticated attacker to achieve remote code execution. Chief among them is a JSON deserialization flaw that allows an authenticated user to execute arbitrary code via the test alert actions feature available in the Orion Web Console, which lets users simulate network events that can be configured to trigger an alert during setup.

Critical RCE Vulnerability Found in Apache OFBiz ERP Software—Patch Now
2021-03-22 01:34

The Apache Software Foundation on Friday addressed a high severity vulnerability in Apache OFBiz that could have allowed an unauthenticated adversary to remotely seize control of the open-source enterprise resource planning system. Tracked as CVE-2021-26295, the flaw affects all versions of the software prior to 17.12.06 and employs an "Unsafe deserialization" as an attack vector to permit unauthorized remote attackers to execute arbitrary code on a server directly.

Critical RCE Flaw Reported in MyBB Forum Software—Patch Your Sites
2021-03-21 23:29

A pair of critical vulnerabilities in a popular bulletin board software called MyBB could have been chained together to achieve remote code execution without the need for prior access to a privileged account. The flaws, which were discovered by independent security researchers Simon Scannell and Carl Smith, were reported to the MyBB Team on February 22, following which it released an update on March 10 addressing the issues.

F5, CISA Warn of Critical BIG-IP and BIG-IQ RCE Bugs
2021-03-11 14:21

F5 Networks is warning users to patch four critical remote command execution flaws in its BIG-IP and BIG-IQ enterprise networking infrastructure. The company released an advisory, Wednesday, on seven bugs in total, with two others rated as high risk and one rated as medium risk, respectively.

Critical Pre-Auth RCE Flaw Found in F5 Big-IP Platform — Patch ASAP!
2021-03-10 22:01

Application security company F5 Networks on Wednesday published an advisory warning of four critical vulnerabilities impacting multiple products that could result in a denial of service attack and even unauthenticated remote code execution on target networks. The four critical flaws affect BIG-IP versions 11.6 or 12.x and newer, with a critical pre-auth remote code execution also affecting BIG-IQ versions 6.x and 7.x. F5 said it's not aware of any public exploitation of these issues.

SAP Stomps Out Critical RCE Flaw in Manufacturing Software
2021-03-10 22:00

Enterprise software giant SAP pushed out fixes for a critical-severity vulnerability in its real-time data monitoring software for manufacturing operations. If exploited, the flaw could allow an attacker to access SAP databases, infect end users with malware and modify network configurations.

F5 urges customers to patch critical BIG-IP pre-auth RCE bug
2021-03-10 17:04

F5 Networks, a leading provider of enterprise networking gear, has announced four critical remote code execution vulnerabilities affecting most BIG-IP and BIG-IQ software versions. F5 BIG-IP software and hardware customers include governments, Fortune 500 firms, banks, internet service providers, and consumer brands, with the company claiming that "48 of the Fortune 50 rely on F5.".

F5 urges customers to patch 4 critical BIG-IP pre-auth RCE bugs
2021-03-10 17:04

F5 Networks, a leading provider of enterprise networking gear, has announced four critical remote code execution vulnerabilities affecting most BIG-IP and BIG-IQ software versions. F5 BIG-IP software and hardware customers include governments, Fortune 500 firms, banks, internet service providers, and consumer brands, with the company claiming that "48 of the Fortune 50 rely on F5.".

VMware releases fix for severe View Planner RCE vulnerability
2021-03-04 17:09

VMware has addressed a high severity unauthenticated RCE vulnerability in VMware View Planner, allowing attackers to abuse servers running unpatched software for remote code execution. The vulnerability was discovered and reported to VMware by Positive Technologies web application security expert Mikhail Klyuchnikov.