VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.

Advisory ID: VMSA-2022-0021.1

CVSSv3 Range: 4.7-9.8

Issue Date: 2022-08-02

Updated On: 2022-08-09

CVE(s): CVE-2022-31656, CVE-2022-31657, CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31662, CVE-2022-31663, CVE-2022-31664, CVE-2022-31665

Synopsis: VMware Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector and vRealize Automation updates address multiple vulnerabilities.

Share this page on social media

Sign up for Security Advisories

****1\. Impacted Products****

*   VMware Workspace ONE Access (Access)
*   VMware Workspace ONE Access Connector (Access Connector)
*   VMware Identity Manager (vIDM)
*   VMware Identity Manager Connector (vIDM Connector)
*   VMware vRealize Automation (vRA)
*   VMware Cloud Foundation
*   vRealize Suite Lifecycle Manager

****2\. Introduction****

Multiple vulnerabilities were privately reported to VMware. Patches are available to remediate these vulnerabilities in affected VMware products.

****3a. Authentication Bypass Vulnerability (CVE-2022-31656)****

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

To remediate CVE-2022-31656, apply the patches listed in the 'Fixed Version' column of the 'Resolution Matrix' found below.

Workarounds for CVE-2022-31656 have been documented in the VMware Knowledge Base articles listed in the 'Workarounds' column of the 'Response Matrix' below.

VMware has confirmed malicious code that can exploit CVE-2022-31656 in impacted products is publicly available.

VMware would like to thank PetrusViet (a member of VNG Security) for reporting this issue to us.

****3b. JDBC Injection Remote Code Execution Vulnerability (CVE-2022-31658)****

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.0.

A malicious actor with administrator and network access can trigger a remote code execution. 

To remediate CVE-2022-31658, apply the patches listed in the 'Fixed Version' column of the 'Resolution Matrix' found below.

VMware would like to thank PetrusViet (a member of VNG Security) for reporting this issue to us.

****3c. SQL injection Remote Code Execution Vulnerability (CVE-2022-31659)****

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.0.

A malicious actor with administrator and network access can trigger a remote code execution. 

To remediate CVE-2022-31659, apply the patches listed in the 'Fixed Version' column of the 'Resolution Matrix' found below.

VMware has confirmed malicious code that can exploit CVE-2022-31659 in impacted products is publicly available.

VMware would like to thank PetrusViet (a member of VNG Security) for reporting this issue to us.

****3d. Local Privilege Escalation Vulnerability (CVE-2022-31660, CVE-2022-31661)****

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. VMware has evaluated the severity of these issues to be in the Important severity range with a maximum CVSSv3 base score of 7.8.

A malicious actor with local access can escalate privileges to 'root'. 

To remediate CVE-2022-31660 and CVE-2022-31661 apply the patches listed in the 'Fixed Version' column of the 'Resolution Matrix' found below.

VMware would like to thank Spencer McIntyre of Rapid7 for reporting these issues to us.

****3e. Local Privilege Escalation Vulnerability (CVE-2022-31664)****

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.

A malicious actor with local access can escalate privileges to 'root'. 

To remediate CVE-2022-31664, apply the patches listed in the 'Fixed Version' column of the 'Resolution Matrix' found below.

VMware would like to thank Steven Seeley (mr\_me) of Qihoo 360 Vulnerability Research Institute for reporting this issue to us.

****3f. JDBC Injection Remote Code Execution Vulnerability (CVE-2022-31665)****

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.6.

A malicious actor with administrator and network access can trigger a remote code execution. 

To remediate CVE-2022-31665, apply the patches listed in the 'Fixed Version' column of the 'Resolution Matrix' found below.

VMware would like to thank Steven Seeley (mr\_me) of Qihoo 360 Vulnerability Research Institute for reporting this issue to us.

****3g. URL Injection Vulnerability (CVE-2022-31657)****

VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.9.

A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.

To remediate CVE-2022-31657, apply the patches listed in the 'Fixed Version' column of the 'Resolution Matrix' found below.

VMware would like to thank Tom Tervoort of Secura for reporting this issue to us.

****3h. Path traversal vulnerability (CVE-2022-31662)****

VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. VMware has evaluated the severity of this issues to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

A malicious actor with network access may be able to access arbitrary files. 

To remediate CVE-2022-31662, apply the patches listed in the 'Fixed Version' column of the 'Resolution Matrix' found below.

VMware would like to thank PetrusViet (a member of VNG Security) for reporting this issue to us.

****3i. Cross-site scripting (XSS) vulnerability (CVE-2022-31663)****

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. VMware has evaluated the severity of this issues to be in the Moderate severity range with a maximum CVSSv3 base score of 4.7.

Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.

To remediate CVE-2022-31663, apply the patches listed in the 'Fixed Version' column of the 'Resolution Matrix' found below.

VMware would like to thank PetrusViet (a member of VNG Security) for reporting this issue to us.

**Response Matrix - Access 21.08.x**

Product

Version

Running On

CVE Identifier

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

Access

21.08.0.1, 21.08.0.0

Linux

CVE-2022-31656

9.8

critical

KB89096

KB89084

FAQ

Access

21.08.0.1, 21.08.0.0

Linux

CVE-2022-31658

8.0

important

KB89096

None

FAQ

Access

21.08.0.1, 21.08.0.0

Linux

CVE-2022-31659

8.0

important

KB89096

None

FAQ

Access

21.08.0.1, 21.08.0.0

Linux

CVE-2022-31660, CVE-2022-31661

7.8

important

KB89096

None

FAQ

Access

21.08.0.1, 21.08.0.0

Linux

CVE-2022-31664

7.8

important

KB89096

None

FAQ

Access

21.08.0.1, 21.08.0.0

Linux

CVE-2022-31665

7.6

important

KB89096

None

FAQ

Access

21.08.0.1, 21.08.0.0

Linux

CVE-2022-31657

5.9

moderate

KB89096

None

FAQ

Access

21.08.0.1, 21.08.0.0

Linux

CVE-2022-31662

5.3

moderate

KB89096

None

FAQ

Access

21.08.0.1, 21.08.0.0

Linux

CVE-2022-31663

4.7

moderate

KB89096

None

FAQ

**Response Matrix - Identity Manager 3.3.x**

Product

Version

Running On

CVE Identifier

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

vIDM

3.3.6, 3.3.5, 3.3.4

Linux

CVE-2022-31656

9.8

critical

KB89096

KB89084

FAQ

vIDM

3.3.6, 3.3.5, 3.3.4

Linux

CVE-2022-31658

8.0

important

KB89096

None

FAQ

vIDM

3.3.6, 3.3.5, 3.3.4

Linux

CVE-2022-31659

8.0

important

KB89096

None

FAQ

vIDM

3.3.6, 3.3.5, 3.3.4

Linux

CVE-2022-31660, CVE-2022-31661

7.8

important

KB89096

None

FAQ

vIDM

3.3.6, 3.3.5, 3.3.4

Linux

CVE-2022-31664

7.8

important

KB89096

None

FAQ

vIDM

3.3.6, 3.3.5, 3.3.4

Linux

CVE-2022-31665

7.6

important

KB89096

None

FAQ

vIDM

3.3.6, 3.3.5, 3.3.4

Linux

CVE-2022-31657

5.9

moderate

KB89096

None

FAQ

vIDM

3.3.6, 3.3.5, 3.3.4

Linux

CVE-2022-31662

5.3

moderate

KB89096

None

FAQ

vIDM

3.3.6, 3.3.5, 3.3.4

Linux

CVE-2022-31663

4.7

moderate

KB89096

None

FAQ

**Response Matrix - Connectors**

Product

Version

Running On

CVE Identifier

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

Access Connector

22.05

Windows

CVE-2022-31656, CVE-2022-31657, CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31662, CVE-2022-31663, CVE-2022-31664, CVE-2022-31665

N/A

N/A

Unaffected

N/A

N/A

Access Connector

21.08.0.1, 21.08.0.0

Windows

CVE-2022-31656, CVE-2022-31657, CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31662, CVE-2022-31663, CVE-2022-31664, CVE-2022-31665

N/A

N/A

Unaffected

N/A

N/A

vIDM Connector

3.3.6, 3.3.5, 3.3.4

Windows

CVE-2022-31662

5.3

moderate

KB89096

None

FAQ

vIDM Connector

3.3.6, 3.3.5, 3.3.4

Windows

CVE-2022-31656, CVE-2022-31657, CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31663, CVE-2022-31664, CVE-2022-31665

N/A

N/A

Unaffected

N/A

N/A

vIDM Connector

19.03.0.1

Windows

CVE-2022-31662

5.3

moderate

KB89096

None

FAQ

vIDM Connector

19.03.0.1

Windows

CVE-2022-31656, CVE-2022-31657, CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31663, CVE-2022-31664, CVE-2022-31665

N/A

N/A

Unaffected

N/A

N/A

**Response Matrix - vRealize Automation (vIDM)**

Product

Version

Running On

CVE Identifier

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

vRealize Automation \[1\]

8.x

Linux

CVE-2022-31656, CVE-2022-31657, CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31662, CVE-2022-31663, CVE-2022-31664, CVE-2022-31665

N/A

N/A

Unaffected

N/A

N/A

vRealize Automation (vIDM) \[2\]

7.6

Linux

CVE-2022-31656

9.8

critical

KB89096

KB89084

FAQ

vRealize Automation (vIDM) \[2\]

7.6

Linux

CVE-2022-31658

8.0

important

KB89096

None

FAQ

vRealize Automation (vIDM) \[2\]

7.6

Linux

CVE-2022-31659

8.0

important

KB89096

None

FAQ

vRealize Automation (vIDM) \[2\]

7.6

Linux

CVE-2022-31660, CVE-2022-31661

7.8

important

KB89096

None

FAQ

vRealize Automation (vIDM) \[2\]

7.6

Linux

CVE-2022-31664

7.8

important

KB89096

None

FAQ

vRealize Automation (vIDM) \[2\]

7.6

Linux

CVE-2022-31665

7.6

important

KB89096

None

FAQ

vRealize Automation (vIDM) \[2\]

7.6

Linux

CVE-2022-31657

5.9

moderate

KB89096

None

FAQ

vRealize Automation (vIDM) \[2\]

7.6

Linux

CVE-2022-31662

5.3

moderate

KB89096

None

FAQ

vRealize Automation (vIDM) \[2\]

7.6

Linux

CVE-2022-31663

4.7

moderate

KB89096

None

FAQ

\[1\] vRealize Automation 8.x is unaffected since it does not use embedded vIDM. If vIDM has been deployed with vRA 8.x, fixes should be applied directly to vIDM.  
\[2\] vRealize Automation 7.6 is affected since it uses embedded vIDM.

**Impacted Product Suites that Deploy vIDM**

Product

Version

Running On

CVE Identifier

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

VMware Cloud Foundation (vIDM)

4.4.x, 4.3.x, 4.2.x

Any

CVE-2022-31656

9.8

critical

KB89096

KB89084

FAQ

VMware Cloud Foundation (vIDM)

4.4.x, 4.3.x, 4.2.x

Any

CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31664, CVE-2022-31665, CVE-2022-31657, CVE-2022-31662, CVE-2022-31663

8.0, 8.0, 7.8, 7.8, 7.8, 7.6, 5.9, 5.3, 4.7

important

KB89096

None

FAQ

vRealize Suite Lifecycle Manager (vIDM)

8.x

Any

CVE-2022-31656

9.8

critical

KB89096

KB89084

FAQ

vRealize Suite Lifecycle Manager (vIDM)

8.x

Any

CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31664, CVE-2022-31665, CVE-2022-31657, CVE-2022-31662, CVE-2022-31663

8.0, 8.0, 7.8, 7.8, 7.8, 7.6, 5.9, 5.3, 4.7

important

KB89096

None

FAQ

**Impacted Product Suites that Deploy vRA**

Product

Version

Running On

CVE Identifier

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

VMware Cloud Foundation (vRA)

3.x

Any

CVE-2022-31656

9.8

critical

KB89096

KB89084

FAQ

VMware Cloud Foundation (vRA)

3.x

Any

CVE-2022-31658, CVE-2022-31660, CVE-2022-31661, CVE-2022-31664, CVE-2022-31665, CVE-2022-31662, CVE-2022-31663

8.0, 7.8, 7.8, 7.8, 7.6, 5.3, 4.7

important

KB89096

None

FAQ

VMware Cloud Foundation (vRA)

3.x

Any

CVE-2022-31659

N/A

N/A

Unaffected

N/A

N/A

VMware Cloud Foundation (vRA)

3.x

Any

CVE-2022-31657

N/A

N/A

Unaffected

N/A

N/A

****4\. References****

****5\. Change Log****

**2022-08-02: VMSA-2022-0021  
**Initial security advisory.

2022-08-09: VMSA-2022-0021.1

Updated advisory with information that VMware has confirmed malicious code that can exploit CVE-2022-31656 and CVE-2022-31659 in impacted products is publicly available.

****6\. Contact****

CVE-2022-31658: VMSA-2022-0021

Now-patched RCE bug impacts dozens of DrayTek Vigor router models

James Walker 05 August 2022 at 14:15 UTC

Now-patched RCE bug impacts dozens of DrayTek Vigor router models

A critical security vulnerability impacting DrayTek Vigor routers could allow unauthenticated attackers to gain full access to victim networks.

The flaw affects the Taiwanese hardware manufacturer’s popular Vigor 3910 router, along with nearly 30 other models that share the same codebase.

**200,000 exposed devices**

The DrayTek router vulnerability was discovered by researchers from Trellix, who found that by triggering a buffer overflow in the web management interface, they could take over the underlying DrayOS.

Tracked as CVE-2022-32548, the vulnerability earned a maximum CVSS score of 10, as this attack requires no authentication to achieve remote code execution (RCE).

“During our research we uncovered over 200,000 devices which have the vulnerable service currently exposed on the internet and would require no user interaction to be exploited,” Trellix security researcher Philippe Laulheret writes in a technical blog post.

**‘Complete compromise’**

Exploiting this vulnerability can lead to a complete compromise of the device and can enable a malicious actor to access internal resources of the breached networks.

Failed exploitation attempts can lead to device reboot, denial of service, and other abnormal behavior.

Read more of the latest network security news

A security advisory released yesterday (August 4) includes the full list of impacted router models.

“Our standard best practice recommendation is to always keep firmware up to date, but we recommend that you check that affected units are running at least the firmware version \[listed\],” the vendor said.

**Patch window**

As outlined in an accompanying CERT NZ advisory this week, there has been no evidence to indicate that this vulnerability has been exploited in the wild.

“However, we strongly recommend you investigate and patch any DrayTek devices on your network as soon as possible to prevent them from being compromised,” the advisory reads.

Greg Fitzgerald, co-founder of Sevco Security, said: “Identifying and patching the known routers is a must, but organizations will still be vulnerable if there are abandoned devices connected to the network that are affected.”

_The Daily Swig_ has asked the researchers if they have seen a reduction in the number of exposed devices since the fixes were pushed out. This article will be updated when fresh information comes to hand.

The Trellix team will release more details about how the vulnerability was discovered and exploited in an upcoming presentation at Hexacon in France on October 14-15.

**RECOMMENDED** Chromium site isolation bypass allows wide range of attacks on browser

High-impact vulnerability in DrayTek routers leaves thousands of SMEs open to exploitation

**What is the version information for this release?**

Microsoft Edge Version

Date Released

Based on Chromium Version

104.0.1293.47

8/5/2022

104.0.5112.79/80/81

CVE-ID

Learn more at National Vulnerability Database (NVD)

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information

Description

\*\* RESERVED \*\* This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

References

**Note:** References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.

Assigning CNA

N/A

Date Record Created

**20220614**

Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

Phase (Legacy)

Assigned (20220614)

Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)

N/A

This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.

Search CVE Using Keywords:  

You can also search by reference using the CVE Reference Maps.

For More Information:  CVE Request Web Form (select "Other" from dropdown)

CVE-2022-33636: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

By Deeba Ahmed
This hasn’t been a great week for the crypto community. On Monday, the Nomad bridge got exploited and…
This is a post from HackRead.com Read the original post: Thousands of GitHub Repositories Cloned in Supply Chain Attack

This hasn’t been a great week for the crypto community. On Monday, the Nomad bridge got exploited and lost nearly $200 million. Then on Wednesday, Hackread.com **reported** that roughly 8,000 Solana blockchain wallets were hacked, and approx. $8 million worth of crypto drained from its wallets.

Now, the GitHub developer platform has become the victim of a malware attack in which the attackers cloned thousands of repositories. This supply chain attack allows attackers to exfiltrate data and perform RCE.

**GitHub Facing Widespread Malware Attack**

According to developer **Stephen Lucy**, around 35,000 GitHub repositories have been cloned with malware. The incident was reported on Wednesday when the developer was confronted with the issue while reviewing a GitHub project found through Google search (search phrase= ovz1.j19544519.pr46m.vps.myjinoru).

Lucy noticed a malicious URL included in the code, and when GitHub repositories were scanned for this URL, it gave over 35,000 results.

It is however worth noting that crypto repositories weren’t targeted in the malware attack. However, these are among the impacted repositories. GitHub was notified about the issue on August 3.

**More Github Security News**

*   **New backdoor malware hits Slack and Github platforms**
*   **GitHub Will Now Support Security Keys for SSH Git Operations**
*   **Hackers use Github bot to steal $1,200 in ETH within 100 seconds**
*   **GitHub: Hackers Stole OAuth Access Tokens to Target Dozens of Firms**
*   **Hackers can spoof commit metadata to create false GitHub repositories**

**Were the Repositories Hacked?**

Bleeping Computer **wrote** that the repositories weren’t hacked, but actually, these were copied with their clones. These clones were modified to insert malware.

For your information, cloning open source code is common among developers. But, in this case, the attackers injected malicious code/links into genuine GitHub projects to target innocent users.

Furthermore, over 13,000 search results were obtained from a single repository identified as ‘redhat-operator-ecosystem.’ The malicious link exfiltrated the environment variables, which contain sensitive data like **Amazon AWS credentials**, API keys, and crypto keys, and also contained a one-line backdoor. The malware also lets remote attackers execute arbitrary code on those systems that install/run the clones.

The attack has impacted many crypto projects. These include Golang, Bash, Python, Docker, JavaScript, and Kubernetes. GitHub confirmed that the original repositories weren’t compromised, and the clones have been quarantined and cleaned.

This attack is difficult to spot because genuine GitHub user accounts are spoofed on commits. It is possible because GitHub requires an email address to attribute commits to users, and they can sign commits with GPG.

Since fakes of legit projects can retain past commits and pull requests from genuine users, it becomes difficult to detect fakes. This supply chain attack will not affect those using original GitHub projects.

1.  Iran’s Largest Steel Producer Hit By Crippling Cyberattack
2.  Access:7 Supply Chain Flaws Impact ATMs, Medical, IoT devices
3.  DDoS Attacks by Hacktivists Disrupted Russian Alcohol Supply Chain
4.  VirusTotal Reveals Apps Most Exploited by Hackers to Spread Malware
5.  Cloud video platform abused in web skimmer attack against real estate sites

Thousands of GitHub Repositories Cloned in Supply Chain Attack

The CVE-2022-27535 local privilege-escalation security vulnerability in the security software threatens remote and work-from-home users.

A high-severity local privilege-escalation (LPE) vulnerability in Kaspersky's VPN Secure Connection for Microsoft Windows has been discovered, which would allow an attacker to gain administrative privileges and take full control over a victim's computer.

Tracked as CVE-2022-27535, the bug carries a high-severity CVSS score of 7.8 out of 10, according to an advisory out today from Synopsys, which discovered the issue. It exists in the Support Tools part of the application, and would allow an authenticated attacker to trigger arbitrary file deletion in the system.

"it could lead to device malfunction or the removal of important system files required for correct system operation," according to a Kaspersky spokesperson. "To execute this attack, an intruder had to create a specific file and convince users to run 'Delete all service data and reports' or 'Save report on your computer" product features.'"

While remote code execution (RCE) bugs tend to hog the patching spotlight, LPE flaws deserve recognition as they're often linchpins within a wider attack flow. After cybercriminals gain initial access to a target via RCE or social engineering, LPEs are generally used by attackers to boost their privileges from a normal user profile to SYSTEM – i.e., the highest privilege level in the Windows environment.

With these kinds of local admin privileges, an attacker can then gain further access to the network, and ultimately a company's crown jewels.

"A fully compromised computer would allow an attacker access to websites, credentials, files, and other sensitive information that could be useful by itself, or useful in moving laterally inside a corporate network," Jonathan Knudsen, head of global research at Synopsys Cybersecurity Research Center, tells Dark Reading.

Kaspersky's VPN Secure Connection offers remote workers a supposedly secure way to tie back to a corporate network and resources, and Knudsen notes that the bug discovery points out an important truism: "All software has vulnerabilities, even security software. The key to releasing better, more secure software is using a development process where security is part of every phase."

He adds that Synopsys hasn't seen any exploitation of the bug, but "most likely attackers will take note of it as a possible technique." Users should upgrade to version 21.7.7.393 or later to patch their systems.

High-Severity Bug in Kaspersky VPN Client Opens Door to PC Takeover

Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. "Check existence of file before untarring/zipping", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136).

**Email display mode:**

Modern rendering  
Legacy rendering

CVE-2022-25168

Gentoo Linux Security Advisory 202208-1 - A vulnerability in lib3mf could lead to remote code execution. Versions less than 2.1.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-01  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: 3MF Consortium lib3mf: Remote code execution  
     Date: August 04, 2022  
     Bugs: #775362  
       ID: 202208-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A vulnerability in lib3mf could lead to remote code execution.

Background  
=========  
lib3mf is an implementation of the 3D Manufacturing Format file  
standard.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  media-libs/lib3mf          < 2.1.1                      >= 2.1.1

Description  
==========  
Incorrect memory handling within lib3mf could result in a use-after-  
free.

Impact  
=====  
An attacker that can provide malicious input to an application using 3MF Consortium's lib3mf could achieve remote code execution.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All 3MF Consortium lib3mf users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/lib3mf-2.1.1"

References  
=========  
[ 1 ] CVE-2021-21772  
      https://nvd.nist.gov/vuln/detail/CVE-2021-21772

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-01

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-01

Gentoo Linux Security Advisory 202208-5 - Multiple vulnerabilities have been found in Icinga Web 2, the worst of which could result in remote code execution. Versions less than 2.9.6 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-05  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Icinga Web 2: Multiple Vulnerabilities  
     Date: August 04, 2022  
     Bugs: #738024, #834802  
       ID: 202208-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been found in Icinga Web 2, the worst of  
which could result in remote code execution.

Background  
=========  
Icinga Web 2 is a frontend for icinga2.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  www-apps/icingaweb2        < 2.9.6                      >= 2.9.6

Description  
==========  
Multiple vulnerabilities have been discovered in Icinga Web 2. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Icinga Web 2 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-apps/icingaweb2-2.9.6"

References  
=========  
[ 1 ] CVE-2020-24368  
      https://nvd.nist.gov/vuln/detail/CVE-2020-24368  
[ 2 ] CVE-2022-24714  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24714  
[ 3 ] CVE-2022-24715  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24715  
[ 4 ] CVE-2022-24716  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24716

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-05

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-05

Gentoo Linux Security Advisory 202208-3 - A vulnerability in Babel could result in remote code execution. Versions less than 2.9.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-03  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Babel: Remote code execution  
     Date: August 04, 2022  
     Bugs: #786954  
       ID: 202208-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A vulnerability in Babel could result in remote code execution.

Background  
=========  
Babel is a collection of tools for internationalizing Python  
applications.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  dev-python/Babel           < 2.9.1                      >= 2.9.1

Description  
==========  
Babel does not properly restrict which sources a locale can be loaded  
from. If Babel loads an attacker-controlled .dat file, arbitrary code  
execution can be achieved via unsafe Pickle deserialization.

Impact  
=====  
An attacker with filesystem access and control over the locales Babel loads can achieve code execution.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Babel users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-python/Babel-2.9.1"

References  
=========  
[ 1 ] CVE-2021-20095  
      https://nvd.nist.gov/vuln/detail/CVE-2021-20095

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-03

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-03

Gentoo Linux Security Advisory 202208-2 - Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. Versions less than 1.18.5 are affected.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Gentoo Linux Security Advisory                           GLSA 202208-02- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -                                           https://security.gentoo.org/- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High    Title: Go: Multiple Vulnerabilities     Date: August 04, 2022     Bugs: #754210, #766216, #775326, #788640, #794784, #802054, #806659, #807049, #816912, #821859, #828655, #833156, #834635, #838130, #843644, #849290, #857822, #862822       ID: 202208-02- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Synopsis=======Multiple vulnerabilities have been found in Go, the worst of which couldresult in remote code execution.Background=========Go is an open source programming language that makes it easy to buildsimple, reliable, and efficient software.Affected packages================    -------------------------------------------------------------------     Package              /     Vulnerable     /            Unaffected    -------------------------------------------------------------------  1  dev-lang/go                < 1.18.5                    >= 1.18.5Description==========Multiple vulnerabilities have been discovered in Go. Please review theCVE identifiers referenced below for details.Impact=====Please review the referenced CVE identifiers for details.Workaround=========There is no known workaround at this time.Resolution=========All Go users shoud upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">Þv-lang/go-1.18.5"In addition, users using Portage 3.0.9 or later should ensure that packages with Go binaries have no vulnerable code statically linked into their binaries by rebuilding the @golang-rebuild set:  # emerge --ask --oneshot --verbose @golang-rebuildReferences=========[ 1 ] CVE-2020-28366      https://nvd.nist.gov/vuln/detail/CVE-2020-28366[ 2 ] CVE-2020-28367      https://nvd.nist.gov/vuln/detail/CVE-2020-28367[ 3 ] CVE-2021-27918      https://nvd.nist.gov/vuln/detail/CVE-2021-27918[ 4 ] CVE-2021-27919      https://nvd.nist.gov/vuln/detail/CVE-2021-27919[ 5 ] CVE-2021-29923      https://nvd.nist.gov/vuln/detail/CVE-2021-29923[ 6 ] CVE-2021-3114      https://nvd.nist.gov/vuln/detail/CVE-2021-3114[ 7 ] CVE-2021-3115      https://nvd.nist.gov/vuln/detail/CVE-2021-3115[ 8 ] CVE-2021-31525      https://nvd.nist.gov/vuln/detail/CVE-2021-31525[ 9 ] CVE-2021-33195      https://nvd.nist.gov/vuln/detail/CVE-2021-33195[ 10 ] CVE-2021-33196      https://nvd.nist.gov/vuln/detail/CVE-2021-33196[ 11 ] CVE-2021-33197      https://nvd.nist.gov/vuln/detail/CVE-2021-33197[ 12 ] CVE-2021-33198      https://nvd.nist.gov/vuln/detail/CVE-2021-33198[ 13 ] CVE-2021-34558      https://nvd.nist.gov/vuln/detail/CVE-2021-34558[ 14 ] CVE-2021-36221      https://nvd.nist.gov/vuln/detail/CVE-2021-36221[ 15 ] CVE-2021-38297      https://nvd.nist.gov/vuln/detail/CVE-2021-38297[ 16 ] CVE-2021-41771      https://nvd.nist.gov/vuln/detail/CVE-2021-41771[ 17 ] CVE-2021-41772      https://nvd.nist.gov/vuln/detail/CVE-2021-41772[ 18 ] CVE-2021-44716      https://nvd.nist.gov/vuln/detail/CVE-2021-44716[ 19 ] CVE-2021-44717      https://nvd.nist.gov/vuln/detail/CVE-2021-44717[ 20 ] CVE-2022-1705      https://nvd.nist.gov/vuln/detail/CVE-2022-1705[ 21 ] CVE-2022-23772      https://nvd.nist.gov/vuln/detail/CVE-2022-23772[ 22 ] CVE-2022-23773      https://nvd.nist.gov/vuln/detail/CVE-2022-23773[ 23 ] CVE-2022-23806      https://nvd.nist.gov/vuln/detail/CVE-2022-23806[ 24 ] CVE-2022-24675      https://nvd.nist.gov/vuln/detail/CVE-2022-24675[ 25 ] CVE-2022-24921      https://nvd.nist.gov/vuln/detail/CVE-2022-24921[ 26 ] CVE-2022-27536      https://nvd.nist.gov/vuln/detail/CVE-2022-27536[ 27 ] CVE-2022-28131      https://nvd.nist.gov/vuln/detail/CVE-2022-28131[ 28 ] CVE-2022-28327      https://nvd.nist.gov/vuln/detail/CVE-2022-28327[ 29 ] CVE-2022-29526      https://nvd.nist.gov/vuln/detail/CVE-2022-29526[ 30 ] CVE-2022-30629      https://nvd.nist.gov/vuln/detail/CVE-2022-30629[ 31 ] CVE-2022-30630      https://nvd.nist.gov/vuln/detail/CVE-2022-30630[ 32 ] CVE-2022-30631      https://nvd.nist.gov/vuln/detail/CVE-2022-30631[ 33 ] CVE-2022-30632      https://nvd.nist.gov/vuln/detail/CVE-2022-30632[ 34 ] CVE-2022-30633      https://nvd.nist.gov/vuln/detail/CVE-2022-30633[ 35 ] CVE-2022-30635      https://nvd.nist.gov/vuln/detail/CVE-2022-30635[ 36 ] CVE-2022-32148      https://nvd.nist.gov/vuln/detail/CVE-2022-32148[ 37 ] CVE-2022-32189      https://nvd.nist.gov/vuln/detail/CVE-2022-32189Availability===========This GLSA and any updates to it are available for viewing atthe Gentoo Security Website: https://security.gentoo.org/glsa/202208-02Concerns?========Security is a primary focus of Gentoo Linux and ensuring theconfidentiality and security of our users' machines is of utmostimportance to us. Any security concerns should be addressed tosecurity@gentoo.org or alternatively, you may file a bug athttps://bugs.gentoo.org.License======Copyright 2022 Gentoo Foundation, Inc; referenced textbelongs to its owner(s).The contents of this document are licensed under theCreative Commons - Attribution / Share Alike license.https://creativecommons.org/licenses/by-sa/2.5

Tag

#rce