[CERT-daily] Tageszusammenfassung - 09.03.2023

Thu Mar 9 18:41:50 CET 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 08-03-2023 18:00 − Donnerstag 09-03-2023 18:00
Handler:     Robert Waldner
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Microsoft Word RCE-Lücke könnte auch Microsoft Outlook betreffen ∗∗∗
---------------------------------------------
Laut einem Bericht bei borncity könnte die mit dem Februar-Patchday gefixte Remote Code Execution - Lücke in Microsoft Word auch Microsoft Outlook (zumindest 2013) betreffen - auch wenn die Februar-Patches eingespielt wurden. Noch sind nicht alle Details dazu klar, wir raten Outlook-Nutzer:innen momentan aber trotzdem dringend dazu die Empfehlungen von Microsoft dazu umzusetzen, und Outlook so zu konfigurieren, dass Mails als reiner Text dargestellt werden.
---------------------------------------------
https://cert.at/de/aktuelles/2023/3/microsoft-word-rce-lucke-konnte-auch-microsoft-outlook-betreffen


∗∗∗ IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks ∗∗∗
---------------------------------------------
A previously known Windows-based ransomware strain known as IceFire has expanded its focus to target Linux enterprise networks belonging to several media and entertainment sector organizations across the world.
---------------------------------------------
https://thehackernews.com/2023/03/icefire-linux-ransomware.html


∗∗∗ Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware ∗∗∗
---------------------------------------------
Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware. AhnLab Security Emergency Response Center (ASEC), in a new analysis, said it marks the continued abuse of the flaws to deliver a variety of payloads on compromised systems.
---------------------------------------------
https://thehackernews.com/2023/03/hackers-exploiting-remote-desktop.html


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Drupal: Gutenberg - Less critical - Denial of Service - SA-CONTRIB-2023-009 ∗∗∗
---------------------------------------------
This vulnerability is mitigated by the fact an attacker must have "use gutenberg" permission to exploit it. If you use the Gutenberg module versions 8.x-2.x, upgrade to Gutenberg 8.x-2.7
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-009


∗∗∗ Oracle Database Vault Protected Table With Realm Data Extraction Vulnerability ∗∗∗
---------------------------------------------
This security issue is fixed from 21c on-wards [ I think back-port patch was released in October 2022 CPU cycle]. Still Exists in 19c (so far from version 19.18 and below). DB Vault is a security feature in Oracle that attempts to restrict “SYS” account power , in addition DB Vault will ensure seperation of duties in place such as account management and authorization can’t be performed by the DBA through SYS account anymore.
---------------------------------------------
https://databasesecurityninja.wordpress.com/2023/03/07/oracle-database-vault-protected-table-with-realm-data-extraction-vulnerability/


∗∗∗ Ivanti Avalanche: Security Alert - CVE-2022-44574 – Authentication Bypass for Remote Control RCServlet ∗∗∗
---------------------------------------------
This vulnerability enables an attacker to overwrite credentials which gives access to a Web Panel. This vulnerability affects all Avalanche Premise versions 6.3.x and below. This vulnerability has a CVE score of 6.5.
---------------------------------------------
https://forums.ivanti.com/s/article/Avalanche-ZDI-CAN-19513-Security-Advisory?language=en_US


∗∗∗ Foxit PDF Editor: Lücken erlauben einschleusen von Schadcode ∗∗∗
---------------------------------------------
Sicherheitslücken in Foxit PDF Editor ermöglichen Angreifern, mit manipulierten PDF-Dateien Schadcode einzuschmuggeln und auszuführen. Ein Update steht bereit.
---------------------------------------------
https://heise.de/-7540068


∗∗∗ Home Assistant: Sicherheitslücke entdeckt und geschlossen ∗∗∗
---------------------------------------------
Wer den Home Assistant mit Supervisor benutzt, sollte sein System jetzt aktualisieren. Ansonsten könnten Eindringlinge sich daran zu schaffen machen.
---------------------------------------------
https://heise.de/-7540500


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (kernel, pesign, samba, and zlib), Oracle (kernel), Slackware (httpd), SUSE (emacs, libxslt, nodejs12, nodejs14, nodejs16, openssl, poppler, python-py, python-wheel, xen, and xorg-x11-server), and Ubuntu (linux-gcp-5.4, linux-gkeop, opusfile, and samba).
---------------------------------------------
https://lwn.net/Articles/925723/


∗∗∗ Cloud Pak for Security uses packages that are vulnerable to multiple CVEs ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6551876


∗∗∗ IBM Liberty for Java for IBM Cloud is vulnerable to server-side request forgery due to Apache CXF (CVE-2022-46364) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6962195


∗∗∗ Docker based datastores for IBM Instana do not currently require authentication ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6959969


∗∗∗ Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6962201


∗∗∗ A vulnerability exists in IBM Robotic Process Automation where Queue Provider credentials are not obfuscated during editing (CVE-2023-25680) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6962207


∗∗∗ IBM Robotic Process Automation for Cloud Pak may be vulnerable to a denial of service due to ISC BIND (CVE-2022-38177, CVE-2022-38178). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6962223


∗∗∗ Vulnerability in Apache Log4j may affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2021-44228) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6536732


∗∗∗ Multiple Vulnerabilities in IBM HTTP Server affect WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6962383


∗∗∗ Multiple Vulnerabilities (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619) affects CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6962407


∗∗∗ June 2022 : Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6962411


∗∗∗ z\/Transaction Processing Facility is affected by vulnerabilities in the Apache Kafka (kafka-clients) and cryptography packages ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6962437


∗∗∗ IBM Liberty for Java for IBM Cloud is vulnerable to server-side request forgery due to Apache CXF (CVE-2022-46364) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6962195


∗∗∗ IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to incorrect default permissions (CVE-2022-46774) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6962455

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily