A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution. Affected product versions include:BiSheng-WNM versions OTA-BiSheng-FW-2.0.0.211-beta,BiSheng-WNM FW 3.0.0.325,BiSheng-WNM FW 2.0.0.211.

**Security Advisory - System Command Injection Vulnerability in a Huawei Printer Product**

*   SA No:huawei-sa-SCIViaHPP-6bcddec5
*   Initial Release Date: 2023-04-26
*   Last Release Date: 2023-04-26

  

A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution.(Vulnerability ID:HWPSIRT-2022-90270)

This vulnerability has been assigned a (CVE)ID:CVE-2022-48472

  

Affected Product

Affected Version

Repair Versions

BiSheng-WNM

OTA-BiSheng-FW-2.0.0.211-beta

OTA-BiSheng-FW-3.0.0.327

BiSheng-WNM FW 3.0.0.325

BiSheng-WNM FW 3.0.0.327

BiSheng-WNM FW 2.0.0.211

BiSheng-WNM FW 3.0.0.327

  

HWPSIRT-2022-90270:

Successful exploitation could lead to remote code execution.

  

Vulnerabilities are scored base on the CVSS v3.1 scoring system. For details please refer to: https://www.first.org/cvss/specification-document.

HWPSIRT-2022-90270

Base Score: 9.8

Temporal Score: 9.1

Environmental Score: NA

CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

  

HWPSIRT-2022-90270:

This vulnerability can be exploited only when the following conditions are present:

An attacker can access devices through the network.

Technical details:

A Huawei printer product has a system command injection vulnerability. This vulnerability is caused by improper filtering of special characters in external input. Unauthorized attackers can exploit this vulnerability by constructing malicious external input. Successful exploitation could lead to remote code execution.

  

The product that supports automatic update will receive a system update prompt. You can install the update to fix the vulnerability.

HWPSIRT-2022-90270:

This vulnerability was discovered by Huawei internal tester.

  

2023-04-26 V1.0 Initial Release;

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.

To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.

To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.

This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.

CVE-2022-48472: huawei-sa-SCIViaHPP-6bcddec5-en

Apple Security Advisory 2022-08-17-1 - iOS 15.6.1 and iPadOS 15.6.1 addresses code execution and out of bounds write vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2022-08-17-1 iOS 15.6.1 and iPadOS 15.6.1iOS 15.6.1 and iPadOS 15.6.1 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT213412.KernelAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An application may be able to execute arbitrary code withkernel privileges. Apple is aware of a report that this issue mayhave been actively exploited.Description: An out-of-bounds write issue was addressed with improvedbounds checking.CVE-2022-32894: an anonymous researcherWebKitAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: Processing maliciously crafted web content may lead toarbitrary code execution. Apple is aware of a report that this issuemay have been actively exploited.Description: An out-of-bounds write issue was addressed with improvedbounds checking.WebKit Bugzilla: 243557CVE-2022-32893: an anonymous researcherThis update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 15.6.1 and iPadOS 15.6.1".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmL9UiMACgkQ4RjMIDkeNxkiuw/+IhqxvCCS9q8hQMHDpFvVVmFdfO+7ukTVSpd12Cp5r0VGVP/zJOCecXR1cnFHIPx8zVZXzQzsa+lCSWhT+20qOiuCjpqWNVY9pCovCPds3r1hhL2/1H0KejGK2Ms910r+yxvEmhzz0MPk95d5+k+LaBPC1sfuNVTn9eUXImPDuLzLIyd8nW5khjNWspOIlS82VNBAcw8VQMxjgsiD6lhSsqvdkBPNhbI4/mMeIEXOOb+fRtHUOtorGLF2R1DzU1zmPLytcPGE+hxVXnR5F1z/+ea1DEWumvzSNfwja9HI2xPfmm9E8Pomq9lkSEW8cxlqAdKY2/cQ2B2I7ihJ3REfJjSnhXqTsuad1jVn9k1t8ZmKBWh6bgOQKQQg9BfIhcCeL398fmRUZQG1h6zo33MukUMMjfTgRjrjxhETLYCZQybjFAC4s98j2S0oyUpKaBUHc+tL/uupW01LwzP53SR2e4rBQhi+ACqiCEoJKAHYfJaj6YeblILiM6SaQdfbsiCzSIqM6nJLl5ZIYn6rXEEKGyGpKMAYXvc7FsR691DTQxMiQ8KcraoCwAerLzviWOF2tVNmDYkv5EFnXhSB4+uYzViSQhPKM8s2DRhP/WhxdVF3woRhIyHLq60SqKoFKvQwTVTugIFIR4cGfsfAbV7zCBhqH7+fKBGfLeTOBCH7ULE=SLRt-----END PGP SIGNATURE-----

Apple Security Advisory 2022-08-17-1

Apple Security Advisory 2023-02-13-1 - iOS 16.3.1 and iPadOS 16.3.1 addresses code execution and use-after-free vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2023-02-13-1 iOS 16.3.1 and iPadOS 16.3.1iOS 16.3.1 and iPadOS 16.3.1 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT213635.KernelAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: A use after free issue was addressed with improvedmemory management.CVE-2023-23514: Xinru Chi of Pangu Lab, Ned Williamson of GoogleProject ZeroWebKitAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, iPad mini5th generation and laterImpact: Processing maliciously crafted web content may lead toarbitrary code execution. Apple is aware of a report that this issuemay have been actively exploited.Description: A type confusion issue was addressed with improvedchecks.WebKit Bugzilla: 251944CVE-2023-23529: an anonymous researcherAdditional recognitionWe would like to acknowledge The Citizen Lab at The University ofToronto’s Munk School for their assistance.This update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 16.3.1 and iPadOS 16.3.1".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPq5PIACgkQ4RjMIDkeNxk00xAA6vBGZD0tv5wi0q4B8jiJ3oz5/Om05bfUPLziPG1MvWzcFZYpQmdS+OJWq219S6uDt0m0ojPLkUgcxQ5OmQ/ViwMbawZaVOpe6aIem33iGkWFyGhvgU7EDLwJcIaXd7pMxfkI28AZUgd8Brf/UXnt1Ja13+ixDnrGT2C+3G+kst17+PZZ0bZj+MwtxDuPW6uLDegjTmjNXzWuo/mSm2MChzoygsbUOPa0Y29OhmgRCbLu/nOCcPcWRk5iYlSZU5efZ7yqpjMdIt36TCD/yAd0uttebgnKMMLNjQjDAbPj0j+5NiAmYx75DYksYCnbs+LRMJ9Fik7lA6ihCavJwgq/PZ5NKR/xA6utkpxQatpT4Swmh2mDabJJK08GT+UsTfnxRgwPnyOEcSBAg7IaMc6BxIUiVrosp4u+ZYO0QnR6z0CgI+2zqTb+HcCjOpmCYwDz8pvyO7zZF1SdZZpc6GXsxX/Aq5FahSeWQY1x4i0qbiy0AsP7JBcMbAOStKPV14Q9UJ1iTbxI1aaLYxwWmawhN2iCnfjOc+nTC6X5gNtXSF+TRtgGUO8Wr039PgF7MqJ+24UYjf0IdD9tCRaIHBGpUwFKsHhSk/hRsGi4Yov9U5Bu1BKGvTHwx714vW6p/vjKajjiP6ljtr7TDwkq1SRPSecX3jrrAGkNoJOw+0xOW5s==RxGI-----END PGP SIGNATURE-----

Apple Security Advisory 2023-02-13-1

Apple Security Advisory 2023-04-07-1 - iOS 16.4.1 and iPadOS 16.4.1 addresses code execution, out of bounds write, and use-after-free vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2023-04-07-1 iOS 16.4.1 and iPadOS 16.4.1iOS 16.4.1 and iPadOS 16.4.1 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT213720.IOSurfaceAcceleratorAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to execute arbitrary code with kernelprivileges. Apple is aware of a report that this issue may have beenactively exploited.Description: An out-of-bounds write issue was addressed with improvedinput validation.CVE-2023-28206: Clément Lecigne of Google's Threat Analysis Group andDonncha Ó Cearbhaill of Amnesty International’s Security LabWebKitAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Processing maliciously crafted web content may lead toarbitrary code execution. Apple is aware of a report that this issuemay have been actively exploited.Description: A use after free issue was addressed with improvedmemory management.WebKit Bugzilla: 254797CVE-2023-28205: Clément Lecigne of Google's Threat Analysis Group andDonncha Ó Cearbhaill of Amnesty International’s Security LabThis update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 16.4.1 and iPadOS 16.4.1".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmQwYroACgkQ4RjMIDkeNxk/Iw/9GD1PXcIq1OFLv/N8t8bEqTUhuDqbFdQ3NLcbzmSO+XnoueqvlYvXtJr/w0wv0yAo6lxkLODuI+kVX9hjbqHZzUezCkugzvz4TXWgmQI6V7+TKXC9KA7jGxH6ZUMf1a+u+0jkFRUEUsaUHxOvScSVAmw2hlJvIlnYyK/E6O5ZJrua1cBQ2pQX2hlDIYUJaNZy3E9MlSKzZclDIszckvO1yVkfEzOkdh8laZoHQ3zN+QfKXvb9IoMmO715gaNYHoO141d0RqL5nyegu4e5lYb951o0DGph2usCrCrpFD0sSquAKNriwV5tJ/DPlrStMnktYX8iogCBT/T2/AevAmrdPOil7A/2rX5pSNRifnYdAnku8FdF2zxqKdMRt10fwI4YOl2IADKz/khPtig5fcYIwcpkXgavQ0N738hg4ugF9K18S5IdY2RSTN1SQtfRjWKus6I7MgGtdIp7MW1koB/j0bF6b5Xw9GefweUzSNvn+EZT2jVLHfiD/ILkKph/QXeiQfe3VGHOs89mHY750QmuAiAT9v24IkCfni5uvrRmApJiBB8w8Hnhq1aJa+09fxiVfPwVTrKqauI5cL2p0D9iWcjlWC8W1rJR5gO2Ge8twfgbMVCXfXmD9WhEb5Z6vSNlpJLy7xXSJTn4fnJNNgJ46lmKeU+G5I2/8xP8VWrsPks==83T6-----END PGP SIGNATURE-----

Apple Security Advisory 2023-04-07-1

Apple Security Advisory 2023-04-10-1 - iOS 15.7.5 and iPadOS 15.7.5 addresses code execution, out of bounds write, and use-after-free vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2023-04-10-1 iOS 15.7.5 and iPadOS 15.7.5iOS 15.7.5 and iPadOS 15.7.5 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT213723.IOSurfaceAcceleratorAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Air 2, iPad mini (4th generation), and iPodtouch (7th generation)Impact: An app may be able to execute arbitrary code with kernelprivileges. Apple is aware of a report that this issue may have beenactively exploited.Description: An out-of-bounds write issue was addressed with improvedinput validation.CVE-2023-28206: Clément Lecigne of Google's Threat Analysis Group andDonncha Ó Cearbhaill of Amnesty International’s Security LabWebKitAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Air 2, iPad mini (4th generation), and iPodtouch (7th generation)Impact: Processing maliciously crafted web content may lead toarbitrary code execution. Apple is aware of a report that this issuemay have been actively exploited.Description: A use after free issue was addressed with improvedmemory management.WebKit Bugzilla: 254797CVE-2023-28205: Clément Lecigne of Google's Threat Analysis Group andDonncha Ó Cearbhaill of Amnesty International’s Security LabThis update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 15.7.5 and iPadOS 15.7.5".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmQ0VJEACgkQ4RjMIDkeNxnSrA/9GfJGP3rEWjtK1bSWO5XgjPZIN8xZcYAT2zQCHNM/CREylHDWSoamyMsxsUFkc25u0ok7Ucoj5k+44WXT7bhRqK52H5PDP6b0n3KsUnhJo+up6+AlKgqgomWntzQyjYTe36nArMvHkMAy9car/kj0l6OBAFF2pVXSTU24ubQfYOtAppQp3JNU9UnqhJ/VrQCANwvjHIsdy+EximByL3+tdCTzRi1v5SC4ZntHP0vB66YwFgrkaxmWLa/EXrA9tgJr8YX6k7LUc0MMUJSkcMg7ydojFBeVgHCVdH2rJpL8w6eVrpW7MQ5wcp6XrDm23T1lckVT8WL+LL4414gBjkfOyjjntdllGiH5For84t76bUGYDs6pb69Ztv2uAMRRP8nJAgNpsP++EnEaI0U3jMoEbq0xCv64y/EenkZm3kuTwOeo7l5Q5WzTDJTsdqZMnP+tR7nhCu41UIKN8eOelp/BqRT/4wcT8fvTNLgg/oY6TUPHYydQO48+ZjiBaryn7oXcv+EaDdggkySniijiLI4Dol20J0SHUr6LHOM6AiiMWhz5ZeIawaLcLfw/oP5+U1tio3dPeeTCwjr9hY8BB/a2rPq6UkAuReAS3ZU+b1N5swaVRYaZb41bfW5rfI571XS42mjoCCGJP8TdXk8mWeZgdvAKdLCYbIW2taTPVRhtGwE==DG1t-----END PGP SIGNATURE-----

Apple Security Advisory 2023-04-10-1

Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution.

**Summary**

Multiple vulnerabilities have been identified for Micro Focus Operations Bridge Manager. CVE-2020-11853: A vulnerability allows remote attackers to execute arbitrary code on affected installations of OBM. An attack requires network access to the OBM application and authentication as a valid user of OBM. CVE-2020-11854: A vulnerability allows remote attackers to execute arbitrary code on affected installations of OBM. An attack requires network access to the OBM application. CVE-2020-11858: A vulnerability allows local attackers on the OBM host to execute code with escalated privileges.

**Reference**

**_SUPPORT COMMUNICATION - SECURITY BULLETIN_**

**Potential Security Impact: Remote Code Execution / Privilege Escalation**

**VULNERABILITY SUMMARY**

Multiple vulnerabilities have been identified for Micro Focus Operations Bridge Manager.

CVE-2020-11853:  A vulnerability allows remote attackers to execute arbitrary code on affected installations of OBM. An attack requires network access to the OBM application and authentication as a valid user of OBM.

CVE-2020-11854: A vulnerability allows remote attackers to execute arbitrary code on affected installations of OBM. An attack requires network access to the OBM application.

CVE-2020-11858: A vulnerability allows local attackers on the OBM host to execute code with escalated privileges.

**SUPPORTED SOFTWARE VERSIONS\*: ONLY impacted versions are listed.**

·         Micro Focus Operations Bridge Manager 2020.05

·         Micro Focus Operations Bridge Manager 2019.11

·         Micro Focus Operations Bridge Manager 2019.05

·         Micro Focus Operations Bridge Manager 2018.11

·         Micro Focus Operations Bridge Manager 2018.05

·         Micro Focus Operations Bridge Manager 10.6x

·         Micro Focus Operations Bridge Manager 10.1x

·         Older versions of Micro Focus Operations Bridge Manager

**CVSS Version 3.0 and Version 2.0 Base Metrics**

Reference

V3 Vector

V3 Base Score

V2 Vector

V2 Base Score

CVE-2020-11853

 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8

AV:N/AC:L/Au:S/C:C/I:C/A:C

9.0

CVE-2020-11854

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8

AV:N/AC:L/Au:N/C:C/I:C/A:C

10.0

CVE-2020-11858

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8

AV:L/AC:L/Au:S/C:C/I:C/A:C

6.8

  
**RESOLUTION:**

Micro Focus provides the following mitigation information to resolve the vulnerability for the impacted versions of _Operations Bridge Manager._

 _https://support.microfocus.com/kb/kmdoc.php?id=KM03710375_

**CREDITS:**

**​****Micro Focus would like to thank Pedro Ribeiro from Agile Information Security working with Trend Micro Zero Day Initiative for discovering and reporting the vulnerabilities.**  

**Third Party Security Patches:** Third party security patches that are to be installed on systems running Micro Focus software products should be applied in accordance with the customer's patch management policy.

**Support:** For issues about implementing the recommendations of this Security Bulletin, contact normal Micro Focus services support channel. For other issues about the content of this Security Bulletin, send e-mail to Product Security Team.

**Report:** To report a potential security vulnerability for any supported product:

·         Web Form: https://mysupport.microfocus.com/psrt

·         Email: security@microfocus.com

**Subscribe:** To initiate receiving subscriptions for future Micro Focus Security Bulletin alerts via Email, please subscribe here - https://mysupport.microfocus.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification Once you are logged in to the portal, please choose security bulletins under “product” and “document types”.   
Please note that you will need to sign in using a Passport account. If you do not have a Passport account yet, you can create one- it’s free and easy https://www.microfocus.com/selfreg/jsp/createAccount.jsp

**Security Bulletin Archive:** A list of recently released Security Bulletins is available here: https://mysupport.microfocus.com/security-vulnerability

**Software Product Category:** The Software Product Category is represented in the title by the two characters following Micro Focus Security Bulletin.

3P = 3rd Party Software   
GN = Micro Focus General Software   
MU = Multi-Platform Software 

System management and security procedures must be reviewed frequently to maintain system integrity. Micro Focus is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. 

"Micro Focus is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected Micro Focus products the important security information contained in this Bulletin. Micro Focus recommends that all users determine the applicability of this information to their individual situations and take appropriate action. Micro Focus does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, Micro Focus will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, Micro Focus disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." 

© Copyright Micro Focus 

Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither Micro Focus nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Micro Focus and the names of Micro Focus products referenced herein are trademarks of Micro Focus in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

CVE-2020-11854: KM03747658 - Operation Bridge Manager. arbitrary code execution vulnerabilities

By Owais Sultan
Explore the significance of software support in the fast-paced digital world. Discover how continuous maintenance, bug fixing, feature enhancement, and integration management optimize operations. With expert assistance, enhance security, ensure project continuity, and improve processes for operational excellence
This is a post from HackRead.com Read the original post: Software Support: 7 Essential Reasons You Can’t Overlook

Software technology is driving innovation in the fast-changing digital world. Companies worldwide need excellent software support to achieve operational excellence and competitive differentiation. Agile software solutions enhance operations and help firms adapt to market changes.

Modern organizations require skilled software assistance to manage their complex processes and provide seamless operational flows, data integrity, and an employee- and customer-friendly interface. The predictive maintenance software sector is expected to reach $18,551 million by 2028, according to Fortune Business Insights (2023). Here, digital solutions are being used to streamline operations and reduce costly downtime.

****The Significance of Software Maintenance****

The importance of maintenance and support software are highlighted below:

1.  Continuous Maintenance. To keep up with the ever-evolving technical and commercial environments, software, like any other operational aspect, requires continuous maintenance. To keep the program running smoothly and free of errors, performance concerns, and out-of-date features, regular maintenance is essential.

2.  **Eliminating Bugs:** Fixing bugs is an important part of software maintenance. Finding and fixing bugs in code, hardware, or the operating system without disrupting current functionality is what it’s all about. For the program to function properly and provide the promised benefit, this step is critical.

3.  **Enhancing Capabilities**: Keeping software up-to-date with new features and functionalities keeps it compatible with changing market conditions. Improving platforms and other process components is possible. Businesses may stay ahead by enhancing their skills. 

4.  **Eliminating Obsolete Features:** Some features get stale and may reduce program performance as time goes on. Software needs to update old features with new, modern ones using the latest tools and technologies to stay useful and efficient.

5.  **Enhancing Performance**: The cornerstone of enhancing system performance is implementing regular testing and resolving issues. These activities include data restructuring and coding to safeguard the application against vulnerabilities and hackers.

6.  **Integration Management:** Integration of third-party applications is common in modern software. The entire performance and stability of the product depends on these integrations working as intended, particularly following software changes.

7.  **Efficiency in spending:** Good software support reduces costs by preventing problems and improves how well a business runs, positively affecting profits.

****Software Maintenance and Support: More Than Just the Essentials****

While regular software maintenance is essential for the program’s proper functioning, there are other benefits to investing in maintenance and support:

*   Software maintenance helps keep your company secure from ever-changing cyber threats by applying security patches and updates regularly. It makes your data safer. This is of utmost importance in the modern era that is driven by data.
*   Made sure your project wouldn’t end: Disruption to corporate operations may occur as a result of unforeseen software failures. Proactive maintenance helps keep your project on time and minimizes downtime.

*   Time is saved by mature processes: In order to fix problems and install upgrades effectively, seasoned software maintenance teams have developed procedures. Your company’s internal IT resources may then be reallocated to other strategic endeavours.
*   Improving software maintenance makes adding new features simpler and cheaper, reducing update costs and time.
*   Continuous support and technical assistance from software maintenance firms prepare you for any challenges with a team of professionals.

Software maintenance may improve technology, customer service, competitiveness, and operational excellence for enterprises.

****Recap****

Strong software support for the evolving business world. Additionally, it offers various support channels like technical help and live chat customer service. This support is crucial for operational success, staying ahead of competitors, ensuring smooth user experiences, protecting data, maintaining projects, saving time, reducing costs, and solving problems with expert help.

1.  What Is Incident Management Software?
2.  Top Software Development Outsourcing Trends
3.  AI Assistants: Breakthroughs in Software Development
4.  Integrating Pay-Per-Minute Chat Software in Customer Service
5.  Exploring Software Categories: From Basics to Specialized Apps

Software Support: 7 Essential Reasons You Can’t Overlook

Zephyr RTOS versions 3.5.0 and below suffer from a multitude of buffer overflow vulnerabilities.

Zephyr RTOS 3.x.0 Buffer Overflows

Government agencies have been asking Apple and Google for metadata related to push notifications, but the companies aren't allowed to tell users about it.

Many people don’t realize that the instant alert push notifications you get on your phone are routed through Google or Apple’s servers, depending on which device you use. So if you have an iPhone or iPad, any push notifications can be seen by Apple, and if you use an Android, they can be seen by Google.

But, it seems, it’s not just Apple and Google who can view them.

In a letter to Attorney General Merrick B. Garland, Senator Ron Wyden urged the Department of Justice (DOJ) to “permit Apple and Google to inform their customers and the general public about demands for smartphone app notification records.”

And, since Apple and Google serve as intermediaries in the delivery of these push notifications this puts them in “a unique position to facilitate government surveillance of how users are using particular apps, “ wrote Senator Wyden.

The type of information varies from app to app, but in certain cases, it might also contain unencrypted content, which could range from backend directives for the app to the actual text displayed to a user in a notification.

In the letter, Senator Wyden asked the DOJ to repeal or modify any policies that hinder public discussions of push notification spying.

> “Apple and Google should be permitted to be transparent about the legal demands they receive, particularly from foreign governments, just as the companies regularly notify users about other types of government demands for data.”

The reason for this request stems from the fact that Apple and Google told the senator’s staff that information about this practice is restricted from public release by the government.

Apple said in a statement that it welcomed Wyden’s letter as it gave the opening it needed to share more details with the public about how governments monitored push notifications.

A source familiar with the matter confirmed to Reuters that both foreign and US government agencies have been asking Apple and Google for metadata related to push notifications to, for example, help tie anonymous users of messaging apps to specific Apple or Google accounts.

This is possible because the data these two companies receive includes metadata, detailing which app received a notification and when, as well as the phone and associated Apple or Google account to which that notification was intended to be delivered. So, if you’re using a messaging app which you’d like not to be tied to your device or online accounts, you probably shouldn’t allow those apps to show you notifications and instead check manually whether there are new messages.

**Disabling notifications**

After writing the above I went over the list of apps that had permissions to send me notifications and limited this to a few that I feel I need and won’t do too much harm. If you want to do the same, here is what you can do.

On Android devices open your **Settings** app and click on **Notifications**. In the dropdown menu, tap **All apps**. Here you can turn the app’s notifications on or off. There could be slight variations due to Android version and phone vendors.

On iPhones and iPads open the **Settings** app and click on **Notifications**. You’ll see a list of apps that are allowed to show push notifications. To disable them, you need to click on the individual app in that list and disable notifications (turn the slider from green to grey).

No doubt there is more to come on this story. We’ll keep you updated.

**We don’t just report on privacy—we offer you the option to use it.**

Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.

 US government is snooping on people via phone push notifications, says senator 

### Impact
Payment status in basket isn't reset


**Affected versions**

\>= 2023.04.1, < 2023.10.9

\>= 2022.04.1, < 2022.10.8

\>= 2021.04.1, < 2021.10.8

< 2020.10.15

Search

lenovo warranty check/lookup | check warranty status | lenovo support us