VULNERA Pulse

Oracle — E-Business Suite

CVE-2022-21587 / Added: Feb. 2, 2023

CRITICAL CVSS 9.80

Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.

Back to top ↑

SugarCRM — Multiple Products

CVE-2023-22952 / Added: Feb. 2, 2023

HIGH CVSS 8.80

Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates.

Back to top ↑

CVE-2022-27596

CRITICAL CVSS 9.80

Used In Ransomware

Published: Jan. 30, 2023

A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QuTS hero, QTS: QuTS hero h5.0.1.2248 build 20221215 and later QTS 5.0.1.2234 build 20221201 and later

Vendor Impacted: Qnap

Products Impacted: Qts, Quts Hero

Quotes

• Censys has observed 67,415 hosts with indications of running a QNAP-based system; unfortunately, we could only obtain the version number from 30,520 hosts - Dark Reading
• A vulnerability has been reported to affect QNAP devices running QTS 5.0.1 and QuTS hero h5.0.1. If exploited, this vulnerability allows remote attackers to inject malicious code - Security Affairs
• If the exploit is published and weaponized, it could spell trouble to thousands of QNAP users. Everyone must upgrade their QNAP devices immediately to be safe from future ransomware campaigns - SecurityWeek
• We found that of the 30,520 hosts with a version, only 557 were running QuTS Hero greater than or equal to 'h5.0.1.2248' or QTS greater than or equal to '5.0.1.2234,' meaning 29,968 hosts could be affected by this vulnerability - infosecurity-magazine.com
• Control Panel > System > Firmware Update - BleepingComputer
• Control Panel - System - Firmware Update - BleepingComputer
• If exploited, this vulnerability allows remote attackers to inject malicious code - infosecurity-magazine.com
• A vulnerability has been reported to affect QNAP devices running QTS 5.0.1 and QuTS hero h5.0.1. If exploited, this vulnerability allows remote attackers to inject malicious code,' warns the QNAP security advisory. The vendor hasn't disclosed many details about the vulnerability or its exploitation potential, but the NIST portal describes it as a SQL injection flaw. SQL injection flaws allow attackers to send specially crafted requests on vulnerable devices to modify legitimate SQL queries to perform unexpected behavior. Furthermore, QNAP released a JSON file describing the severity of the vulnerability, which indicates it is exploitable in low-complexity attacks by remote attackers, without requiring user interaction or privileges on the targeted device. QNAP says users' devices running on QTS and QuTS hero should upgrade to the following versions to remain safe: To perform the update, customers can log into their devices as the admin user and go to - BleepingComputer

Headlines

• Feb. 2, 2023 - HPE, NetApp Warn Of Critical Open Source Bug
• Feb. 2, 2023 - Patch Critical Bug Now: QNAP NAS Devices Ripe for the Slaughter
• Feb. 2, 2023 - Over 30k Internet-Exposed QNAP NAS hosts impacted by CVE-2022-27596 flaw
• Feb. 1, 2023 - Thousands of QNAP devices remain unpatched against 9.8 severity vulnerability
• Feb. 1, 2023 - QNAP's NAS devices affected by a new critical security issue, patches are available
• Feb. 1, 2023 - 30k Internet-Exposed QNAP NAS Devices Affected by Recent Vulnerability
• Feb. 1, 2023 - Nearly 30,000 QNAP Devices Exposed Via New Bug
• Jan. 31, 2023 - Over 29,000 QNAP devices unpatched against new critical flaw
• Jan. 31, 2023 - Over 29,000 QNAP devices vulnerable to code injection attacks
• Jan. 31, 2023 - QNAP urges customers to update now to stay safe from dangerous security flaw
• Jan. 31, 2023 - Critical QNAP Vulnerability Leads to Code Injection
• Jan. 31, 2023 - QNAP: Patch Critical Remote Code Injection Bug
• Jan. 31, 2023 - QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates
• Jan. 30, 2023 - QNAP addresses a critical flaw impacting its NAS devices
• Jan. 30, 2023 - QNAP fixes critical bug letting hackers inject malicious code

CVE-2022-31706

CRITICAL CVSS 9.80

Remote Code Execution

Published: Jan. 26, 2023

The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.

Quotes

• An arbitrary file deletion vulnerability in VMware Workstation was privately reported to VMware. Updates are available to remediate this vulnerability in the affected VMware product - Security Affairs
• Gaining access to the Log Insight host provides some interesting possibilities to an attacker, depending on the type of applications that are integrated with it - CSO Online
• An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution - SecurityWeek
• For infrastructure and applications in any environment - Dark Reading
• Abuses the various Thrift RPC endpoints to achieve an arbitrary file write - BleepingComputer
• Some of these bugs showed evidence of memory corruption and we presume that with enough effort, some could have been exploited to run arbitrary code - Security Latest
• This vulnerability is easy to exploit however, it requires the attacker to have some infrastructure setup to serve malicious payloads. Additionally, since this product is unlikely to be exposed to the internet, the attacker likely has already established a foothold somewhere else on the network - Security Affairs
• This vulnerability is easy to exploit however, it requires the attacker to have some infrastructure setup to serve malicious payloads - BleepingComputer

Headlines

• Feb. 3, 2023 - VMware Workstation update fixes an arbitrary file deletion bug
• Feb. 2, 2023 - Remote code execution exploit chain available for VMware vRealize Log Insight
• Feb. 1, 2023 - VMware Confirms Exploit Code Released for Critical vRealize Logging Vulnerabilities
• Jan. 31, 2023 - Critical VMware RCE Vulnerabilities Targeted by Public Exploit Code
• Jan. 31, 2023 - Experts released VMware vRealize Log RCE exploit for CVE-2022-31706
• Jan. 31, 2023 - Exploit released for critical VMware vRealize RCE vulnerability
• Jan. 31, 2023 - You Really Need to Update Firefox and Android Right Now
• Jan. 29, 2023 - Watch out! Experts plans to release VMware vRealize Log RCE exploit next week
• Jan. 29, 2023 - Week in review: ChatGPT cybersecurity, critical RCE vulnerabilities found in git, Riot Games breached
• Jan. 28, 2023 - Researchers to release VMware vRealize Log RCE exploit, patch now

CVE-2022-31704

CRITICAL CVSS 9.80

Remote Code Execution

Published: Jan. 26, 2023

The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.

Quotes

• Gaining access to the Log Insight host provides some interesting possibilities to an attacker, depending on the type of applications that are integrated with it - CSO Online
• An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution - SecurityWeek
• For infrastructure and applications in any environment - Dark Reading
• Abuses the various Thrift RPC endpoints to achieve an arbitrary file write - BleepingComputer
• Some of these bugs showed evidence of memory corruption and we presume that with enough effort, some could have been exploited to run arbitrary code - Security Latest
• This vulnerability is easy to exploit however, it requires the attacker to have some infrastructure setup to serve malicious payloads. Additionally, since this product is unlikely to be exposed to the internet, the attacker likely has already established a foothold somewhere else on the network - Security Affairs
• This vulnerability is easy to exploit however, it requires the attacker to have some infrastructure setup to serve malicious payloads - BleepingComputer

Headlines

• Feb. 2, 2023 - Remote code execution exploit chain available for VMware vRealize Log Insight
• Feb. 1, 2023 - VMware Confirms Exploit Code Released for Critical vRealize Logging Vulnerabilities
• Jan. 31, 2023 - Critical VMware RCE Vulnerabilities Targeted by Public Exploit Code
• Jan. 31, 2023 - Experts released VMware vRealize Log RCE exploit for CVE-2022-31706
• Jan. 31, 2023 - Exploit released for critical VMware vRealize RCE vulnerability
• Jan. 31, 2023 - You Really Need to Update Firefox and Android Right Now
• Jan. 29, 2023 - Watch out! Experts plans to release VMware vRealize Log RCE exploit next week
• Jan. 29, 2023 - Week in review: ChatGPT cybersecurity, critical RCE vulnerabilities found in git, Riot Games breached
• Jan. 28, 2023 - Researchers to release VMware vRealize Log RCE exploit, patch now

CVE-2022-42856

HIGH CVSS 8.80

CISA Known Exploited Actively Exploited Remote Code Execution

Published: Dec. 15, 2022

A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1..

Vendor Impacted: Apple

Products Impacted: Ipados, Macos, Tvos, Safari, Ios, Iphone Os

Quotes

• Some of these bugs showed evidence of memory corruption and we presume that with enough effort, some could have been exploited to run arbitrary code - Security Latest

Headlines

• Jan. 31, 2023 - You Really Need to Update Firefox and Android Right Now
• Jan. 29, 2023 - Week in review: ChatGPT cybersecurity, critical RCE vulnerabilities found in git, Riot Games breached

CVE-2022-31710

HIGH CVSS 7.50

Risk Context N/A

Published: Jan. 26, 2023

vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service.

Quotes

• Gaining access to the Log Insight host provides some interesting possibilities to an attacker, depending on the type of applications that are integrated with it - CSO Online
• An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution - SecurityWeek
• For infrastructure and applications in any environment - Dark Reading
• Abuses the various Thrift RPC endpoints to achieve an arbitrary file write - BleepingComputer
• This vulnerability is easy to exploit however, it requires the attacker to have some infrastructure setup to serve malicious payloads. Additionally, since this product is unlikely to be exposed to the internet, the attacker likely has already established a foothold somewhere else on the network - Security Affairs
• This vulnerability is easy to exploit however, it requires the attacker to have some infrastructure setup to serve malicious payloads - BleepingComputer

Headlines

• Feb. 2, 2023 - Remote code execution exploit chain available for VMware vRealize Log Insight
• Feb. 1, 2023 - VMware Confirms Exploit Code Released for Critical vRealize Logging Vulnerabilities
• Jan. 31, 2023 - Critical VMware RCE Vulnerabilities Targeted by Public Exploit Code
• Jan. 31, 2023 - Experts released VMware vRealize Log RCE exploit for CVE-2022-31706
• Jan. 31, 2023 - Exploit released for critical VMware vRealize RCE vulnerability
• Jan. 29, 2023 - Watch out! Experts plans to release VMware vRealize Log RCE exploit next week
• Jan. 29, 2023 - Week in review: ChatGPT cybersecurity, critical RCE vulnerabilities found in git, Riot Games breached
• Jan. 28, 2023 - Researchers to release VMware vRealize Log RCE exploit, patch now

CVE-2022-2827

HIGH CVSS 7.50

Risk Context N/A

Published: Dec. 5, 2022

AMI MegaRAC User Enumeration Vulnerability

Vendor Impacted: Ami

Product Impacted: Megarac Sp-X

Quotes

• The impact of exploiting these vulnerabilities include remote control of compromised servers, remote deployment of malware, ransomware and firmware implants, and server physical damage (bricking) - The Hacker News
• We really don't know what the what the blast radius is on this, because while we know some of the platforms, we don't have any details as to [how] prolific these things are - Dark Reading

Headlines

• Feb. 1, 2023 - Additional Supply Chain Vulnerabilities Uncovered in AMI MegaRAC BMC Software
• Jan. 31, 2023 - Firmware Flaws Could Spell 'Lights Out' for Servers

CVE-2023-24055

MEDIUM CVSS 5.50

Remote Code Execution Public Exploits Available

Published: Jan. 22, 2023

** DISPUTED ** KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC.

Quotes

• Is this really a bug, or is it just a powerful feature that could be abused by someone who would already need at least as much control over your private files as you have yourself? - Naked Security - Sophos
• Having write access to the KeePass configuration file typically implies that an attacker can actually perform much more powerful attacks than modifying the configuration file (and these attacks in the end can also affect KeePass, independent of a configuration file protection) - TechRadar - All the latest technology news
• Write Access to Configuration File - BleepingComputer

Headlines

• Feb. 1, 2023 - Password-stealing “vulnerability” reported in KeePass – bug or feature?
• Feb. 1, 2023 - KeePass Devs Downplay Password Theft Vulnerability, What You Need To Know
• Jan. 31, 2023 - Top password manager denies its entire database can be stolen
• Jan. 31, 2023 - KeePass Disputes Report Of Flaw That Could Exfiltrate A Database
• Jan. 31, 2023 - This huge password manager exploit may never get fixed
• Jan. 31, 2023 - KeePass Disputes Vulnerability Allowing Stealthy Password Theft
• Jan. 30, 2023 - KeePass disputes vulnerability allowing stealthy password theft

CVE-2022-31711

MEDIUM CVSS 5.30

Risk Context N/A

Published: Jan. 26, 2023

VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.

Quotes

• Gaining access to the Log Insight host provides some interesting possibilities to an attacker, depending on the type of applications that are integrated with it - CSO Online
• For infrastructure and applications in any environment - Dark Reading
• An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution - Security Affairs
• Abuses the various Thrift RPC endpoints to achieve an arbitrary file write - BleepingComputer
• This vulnerability is easy to exploit however, it requires the attacker to have some infrastructure setup to serve malicious payloads. Additionally, since this product is unlikely to be exposed to the internet, the attacker likely has already established a foothold somewhere else on the network - Security Affairs
• This vulnerability is easy to exploit however, it requires the attacker to have some infrastructure setup to serve malicious payloads - BleepingComputer

Headlines

• Feb. 2, 2023 - Remote code execution exploit chain available for VMware vRealize Log Insight
• Jan. 31, 2023 - Critical VMware RCE Vulnerabilities Targeted by Public Exploit Code
• Jan. 31, 2023 - Experts released VMware vRealize Log RCE exploit for CVE-2022-31706
• Jan. 31, 2023 - Exploit released for critical VMware vRealize RCE vulnerability
• Jan. 29, 2023 - Watch out! Experts plans to release VMware vRealize Log RCE exploit next week
• Jan. 29, 2023 - Week in review: ChatGPT cybersecurity, critical RCE vulnerabilities found in git, Riot Games breached
• Jan. 28, 2023 - Researchers to release VMware vRealize Log RCE exploit, patch now

CVE-2023-22501

CVSS Not Assigned

Risk Context N/A

Published: Feb. 1, 2023

An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances_._ With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into. Access to these tokens can be obtained in two cases: * If the attacker is included on Jira issues or requests with these users, or * If the attacker is forwarded or otherwise gains access to emails containing a “View Request” link from these users. Bot accounts are particularly susceptible to this scenario. On instances with single sign-on, external customer accounts can be affected in projects where anyone can create their own account.

Quotes

• With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to sign-up tokens sent to users with accounts that have never been logged into - infosecurity-magazine.com
• Access to a Jira Service Management instance under certain circumstances - BleepingComputer
• An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances - Security Affairs
• An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances - SecurityWeek

Headlines

• Feb. 3, 2023 - Atlassian Patches Critical Authentication Flaw in Jira Software
• Feb. 3, 2023 - Atlassian warns of critical Jira Service Management auth flaw
• Feb. 3, 2023 - Atlassian fixes critical bug giving access to Jira Service Management
• Feb. 3, 2023 - Atlassian fixed critical authentication vulnerability in Jira Software
• Feb. 3, 2023 - Atlassian Warns of Critical Jira Service Management Vulnerability
• Feb. 3, 2023 - Atlassian's Jira Software Found Vulnerable to Critical Authentication Vulnerability