Security Advisories: Oct 15 – Oct 21, 2024

Title: Multiple vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway

Published Date: Jul 18, 2023

Risk Index: 9.94 of 10 (Critical)

Summary: A critical issue has been identified in Citrix NetScaler ADC and NetScaler Gateway that allows unauthenticated remote code execution. It stems from multiple vulnerabilities that could compromise the affected systems.

If exploited, this vulnerability could allow an attacker to gain unauthorized access to sensitive data or execute arbitrary code on the affected system. This level of control could further allow for data exfiltration, system modification, or the deployment of additional malware.

Title: Multiple vulnerabilities in Adobe ColdFusion

Published Date: Jul 19, 2023

Risk Index: 9.67 of 10 (Critical)

Summary: A critical Improper Access Control vulnerability has been identified in Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier), and 2023u2 (and earlier). This vulnerability, cataloged as CVE-2023-38205, could allow an attacker to bypass security features and access administration CFM and CFC endpoints without user interaction.

If exploited, this vulnerability could permit an attacker to bypass certain security restrictions, leading to unauthorized access to administrative functionality as well as arbitrary code execution within the affected ColdFusion environments. This creates substantial risk: sensitive data could be compromised, services disrupted, and servers commandeered to support further illicit activities.

Title: Remote PHP code execution in Joomla!

Published Date: Dec 12, 2015

Risk Index: 9.64 of 10 (Critical)

Summary: A critical vulnerability, identified as CVE-2015-8562, has been detected in Joomla! versions 1.5.x, 2.x, and 3.x before 3.4.6. This vulnerability allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, with instances of exploitation being observed in the wild in December 2015.

If successfully exploited, CVE-2015-8562 can allow attackers to gain unauthorized control over affected CMS instances and run arbitrary PHP code. An exploit of this nature equates to administrative-level access, potentially leading to a full compromise. Attackers could execute malicious code, access confidential user data, plant backdoors, or use the compromised CMS as a springboard for further attacks. This vulnerability is particularly critical in environments where sensitive data is processed, potentially leading to severe data leaks or unlawful actions being carried out at the host's expense.

Title: Remote code execution in Print Spooler service in Microsoft Windows

Published Date: Sep 14, 2010

Risk Index: 9.64 of 10 (Critical)

Summary: A critical vulnerability has been identified in the Print Spooler service of Microsoft Windows, which affects several versions including Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, along with Windows 7. This vulnerability allows remote attackers to create files in a system directory and execute arbitrary code through a crafted print request over the RPC protocol. Referred to as the “Print Spooler Service Impersonation Vulnerability,” this was notably exploited in the wild in September 2010.

If exploited, this vulnerability could allow an attacker to gain unauthorized access to sensitive data, execute arbitrary code on the affected system, and escalate privileges. This could lead to complete system compromise and to further impact, such as infecting networked environments with malware.

Title: Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present

Published Date: Dec 05, 2023

Risk Index: 9.64 of 10 (Critical)

Summary: A critical vulnerability has been identified in the XML-RPC component of Apache OFBiz, a widely used open-source enterprise resource planning (ERP) system. This pre-authentication remote code execution (RCE) flaw affects versions of Apache OFBiz prior to 18.12.10. The vulnerability arises because an outdated XML-RPC mechanism that is no longer maintained remains present in the software. As a result, attackers can potentially execute arbitrary code on affected systems before any authentication takes place. Users are strongly advised to upgrade to version 18.12.10 to mitigate potential risks.

If exploited, this vulnerability could allow an attacker to gain unauthorized access to sensitive ERP data or execute arbitrary code on the affected OFBiz systems. This can lead to data breaches, loss of enterprise operational control, or use of the compromised system as a launchpad for further attacks within an organization's network. Given the foundational role ERP systems play in managing integrated business processes, this flaw can result in severe disruption to business operations.
