#ldap

Unauthenticated attackers can exploit a weakness in the password reset functionality of the Visual Planning application in order to obtain access to arbitrary user accounts including administrators. In case administrative (in the context of Visual Planning) accounts are compromised, attackers can install malicious modules into the application to take over the application server hosting the Visual Planning application. All versions prior to Visual Planning 8 (Build 240207) are affected.

A wildcard injection inside a prepared SQL statement was found in an undocumented Visual Planning 8 REST API route. The combination of fuzzy matching (via LIKE operator) and user-controlled input allows exfiltrating the REST API key based on distinguishable server responses. If exploited, attackers are able to gain administrative access to the REST API version 2.0.

As part of its Secure by Design initiative, CISA urged companies to redouble efforts to quash SQL injection vulnerabilities. Here's how.

Red Hat Security Advisory 2024-1601-03 - An update for curl is now available for Red Hat Enterprise Linux 8. Issues addressed include an information leakage vulnerability.

BioTime versions 8.5.5 and 9.0.1 suffer from directory traversal and file write vulnerabilities. This exploit also achieves remote code execution on version 8.5.5.

Red Hat Security Advisory 2024-1353-03 - An update is now available for Red Hat Process Automation Manager. Issues addressed include code execution, denial of service, and deserialization vulnerabilities.

Artificial intelligence (AI) has been evolving as one of the top priorities for organizations because of the increasing volume of data being generated from core data centers to the edge. Similarly, the adoption of Kubernetes in the past 10 years has resulted in improved scalability, reliability and business resilience.While Kubernetes has resulted in immense benefits, operational management and security continue to be challenging. Managing software supply chain integrity, monitoring the security of container images and runtime environments and enforcing compliance policies can be overwhelming.

The Rich Filemanager feature of Artica Proxy versions 4.40 and 4.50 provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user. This provides an unauthenticated attacker complete access to the file system.

Artica Proxy versions 4.40 and 4.50 suffer from a local file inclusion protection bypass vulnerability that allows for path traversal.

Red Hat Security Advisory 2024-1129-03 - An update for curl is now available for Red Hat Enterprise Linux 9. Issues addressed include an information leakage vulnerability.