Patch now: Critical VMware, Atlassian flaws found The Register

VMware and Atlassian today disclosed critical vulnerabilities and, while neither appears to have been exploited by miscreants yet, admins should patch now to avoid disappointment.
Most serious is CVE-2023-22527, a template injection flaw that can allow unauthenticated remote code execution attacks.
It scored a perfect CVSS rating of 10 out of 10 and affects Confluence Data Center and Server 8 versions released before December 5, 2023, as well as 8.4.5, which no longer receives fixes.
Atlassian also released fixes for a high-severity flaw found in the FasterXML Jackson Databind code used in versions 8.20.0, 9.4.0, 9.5.0, and 9.6.0 of Jira Software Data Center and Server.
The 7.5-rated bug, tracked as CVE-2020-25649, could allow XML external entity attacks in which miscreants could mess with data integrity.
So in addition to updating Confluence, it's also a good idea to upgrade to the latest version of Jira Software Data Center and Server, the collaboration biz advises.
Moving on to the critical VMware bug, CVE-2023-34063.
This one is a missing access control problem in all versions of Aria Automation earlier than 8.16.
Be aware that this infrastructure automation product may be included in VMware Cloud Foundation.
The bug earned a 9.9 CVSS rating, and VMware warns that successful exploitation can allow unauthorized access to remote organizations and workflows.
Luckily this one also has a fix, so upgrade to VMware Aria Automation 8.16, and then apply the patch.


This Cyber News was published on go.theregister.com. Publication date: Tue, 16 Jan 2024 18:43:04 +0000

