1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • SolarWinds just patched a whole load of critical security flaws

    From TechnologyDaily@1337:1/100 to All on Fri Jul 19 12:00:06 2024
    SolarWinds just patched a whole load of critical security flaws

    Date:
    Fri, 19 Jul 2024 11:54:37 +0000

    Description:
    SolarWinds patches eight critical-severity flaws which could be abused to run malicious code on vulnerable endpoints.

    FULL STORY ======================================================================

    SolarWinds has patched more than a dozen flaws impacting its Access Rights Manager (ARM) software.

    Some of the vulnerabilities are classified as critical, and can be abused to steal sensitive information, or run malicious code on vulnerable endpoints.

    As such, users are advised to apply the fixes and secure their devices
    without delay. Update now

    In a security advisory published earlier this week, the company detailed 13 vulnerabilities impacting the software, eight of which are labeled critical.

    Here is a short rundown:

    Traversal and Information Disclosure Vulnerability (CVE-2024-23475, 9.6 Critical)

    Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability (CVE-2024-23472, 9.6 Critical)

    Internal Deserialization Remote Code Execution Vulnerability (CVE-2024-28074, 9.6 Critical)

    Exposed Dangerous Method Remote Code Execution Vulnerability (CVE-2024-23469, 9.6 Critical)

    Traversal Remote Code Execution Vulnerability (CVE-2024-23467, 9.6 Critical)

    Directory Traversal Remote Code Execution Vulnerability (CVE-2024-23466, 9.6 Critical)

    UserScriptHumster Exposed Dangerous Method Remote Command Execution Vulnerability (CVE-2024-23470, 9.6 Critical)

    CreateFile Directory Traversal Remote Code Execution Vulnerability (CVE-2024-23471, 9.6 Critical).

    These vulnerabilities, as well as five others (severity scores between 7.6
    and 8.3) have been discovered, and reported, by Trend Micros Zero Day Initiative (ZDI). They were addressed in version 2024.3, published on July 17 2024.

    SolarWinds specializes in IT management software, offering products for network monitoring, server and application monitoring, IT security, database management, and IT help desk and support.

    The company was at the center of a major security snafu back in December
    2020, when a breach at the companys IT infrastructure resulted in a poisoned software update for Orion reaching hundreds of its customers - an incident
    now considered one of the largest and most devastating supply chain attacks
    of all time. More from TechRadar Pro The inside story of the infamous SolarWinds hack Here's a list of the best firewalls around today These are
    the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/solarwinds-just-patched-a-whole-load-of -critical-security-flaws


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)