SQL Injection vulnerability in file home\controls\cart.class.php in UQCMS 2.1.3, allows attackers execute arbitrary commands via the cookie_cart parameter to /index.php/cart/num.

CVE-2020-21120: SQL Injection Prevention - OWASP Cheat Sheet Series

SQL Injection vulnerability in Kliqqi-CMS 2.0.2 in admin/admin_update_module_widgets.php in recordIDValue parameter, allows attackers to gain escalated privileges and execute arbitrary code.

New issue

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2020-21119: SQL Injection Vulerable. · Issue #259 · Kliqqi-CMS/Kliqqi-CMS

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

Release date: February 15, 2023

These release notes describe the new features, improvements, and fixed issues in SolarWinds Platform 2023.1. They also provide information about upgrades and describe workarounds for known issues.

Learn more

*   For information on latest hotfixes, see SolarWinds Platform Hotfixes.
*   For release notes for previous SolarWinds Platform versions, see Previous Version documentation.
*   For information about requirements, see SolarWinds Platform 2023.1 System Requirements.
*   For information about working with the SolarWinds Platform, see the SolarWinds Platform Administrator Guide.

**New features and improvements in SolarWinds Platform**

Return to top

SolarWinds Platform 2023.1 offers the following improvements compared to previous releases of SolarWinds Platform.

**AlertStack**

AlertStack is a new feature that can help reduce alert noise and assist in possible root cause analysis to give you a quicker MTTR (mean time to resolution). AlertStack is an opt-in feature that must be turned on in AlertStack settings. AlertStack continually monitors alerts and change events and correlates these using SolarWinds Platform topological information, pulling associated events and alerts together into a single alert cluster. The alert cluster stays activated, and correlated alerts will continue to be added to the cluster, for as long as any associated alerts remain active.

AlertStack is disabled by default and can be enabled after upgrading by navigating to All Settings > Product Specific Settings > AlertStack Settings.

**Other improvements**

*   SolarWinds Platform agent installer packages and Linux/AIX repositories are signed.
    
*   SWIS REST Endpoint is now available on port 17774. You can use a custom HTTPS certificate for this port and disable SWIS REST endpoint on 17778. See Disable port 17778 for SWIS Endpoint.
    
    In 2023.1, you can continue using port 17778. However, please note that it is being deprecated and will not be supported in a future version.
    
*   SolarWinds Platform 2023.1 improves the Kerberos protocol for WMI authentication by adding support for the SAM module. See Configure Kerberos for WMI authentication in the SolarWinds Platform.
    

**New customer installation**

Return to top

For information about installing SolarWinds Platform, see SolarWinds Installer.

**How to upgrade**

Use the SolarWinds Installer to upgrade your entire SolarWinds Platform deployment (all SolarWinds Platform products and any scalability engines) to the current versions.

You must be on Orion Platform 2020.2.1 or later to upgrade to SolarWinds Platform 2023.1. If you are on Orion Platform 2020.2 or earlier, first upgrade to 2020.2.6 and then upgrade to 2023.1.

**Before you upgrade from 2020.2.x**

*   Before upgrading from Orion Platform 2020.2.6 and earlier to SolarWinds Platform 2022.3 or later, make sure the database user you use to connect to your SQL Server has the **db create** privilege. **Without this privilege, the upgrade will not complete.**
    
*   The legacy syslog and traps functionality has been retired and replaced with new functionality called SolarWinds Log Viewer, which can be upgraded to Log Analyzer for additional capabilities. Current rules and history will automatically be migrated to the new logging functionality (SolarWinds Log Viewer or Log Analyzer). The functionality of SolarWinds Log Viewer and Log Analyzer has been improved to more closely match legacy functionality. See LA 2022.3 release notes for details.
    
    If you built syslog and trap alerts using custom SQL queries, they will not function after upgrading to 2022.3 or later. SolarWinds recommends you rewrite the alerts using SWQL (Orion.OLM entities) or using the alerting functionality built into Log Viewer/Log Analyzer.
    
*   Some upgrade situations from the Orion Platform to the SolarWinds Platform are not supported and the installer will stop the upgrade automatically.
    *   If you have a SQL Server older than 2016.
    *   If you have an Orion Platform product version 2020.2 or earlier.

**Fixed issues**

Return to top

SolarWinds Platform 2023.1 fixes the following issues.

 

Case Number

Description

938365, 987784, 1049100, 1084320, 1120320, 1183057

The issue where the Database Maintenance failed to execute 'Finalize Maintenance' was addressed. Fixed in the GA version.

1268655, 1268939, 1270366, 1273013, 1275253

The SQL Script issue preventing the Configuration Wizard from completing was addressed. Fixed in the GA version.

1253873, 1254055, 1254256, 1254257, 1254265, 1254276, 1254278, 1254303, 1254316, 1254326, 1254333, 1254339, 1254372, 1254403, 1254405, 1254414, 1254435, 1254499, 1254502, 1254523

Auto-geolocation issues in the Worldwide Map were addressed. Fixed in the GA version.

1229888, 1235682

The issue where HTML reports layout was broken when using the MailBee SMTP client was addressed.

1208950, 1226555, 1234992

The issue where upgrading Scalability Engines failed when the SolarWinds Administration service on the main polling engine had been updated was addressed.

1230025

The issue where pre-staging of upgrade files failed was addressed.

1204779, 1206691, 1233017, 1243901

The issue where the Configuration wizard failed to connect to RabbitMQ because of a timeout was addressed.

1241585

Offline help instructions were updated.

1211020, 1214429

The issue where new SolarWinds Platform agent installations were not using FQDN was addressed.

1197599, 1248066

The issue where a new SolarWinds Platform databasecould not be installed on Azure SQL due to incorrectly detected SQL version was addressed.

1212089

The issue where a table widget did not update vendor icon properly was addressed.

1105407, 1192112, 1201507, 1213144

The issue where the Custom Properties for Nodes widget didn’t show data was addressed.

1197642

The issue where shared actions are not re-created during alert import when the original shared action doesn’t exist were addressed.

1201173

The issue where the Configuration Wizard enabled Windows Authentication even if the user did not select the option was addressed.

1198432

The issue where the Maintenance Expiration pre-installation check did not work for old bundle licenses was addressed.

1195664

The issue where a group added on a SolarWinds Platform Map was not shown an All Groups was addressed.

1162734

The issue where a 2020.2.\* installer could not be used on an environment where a 2022.\* installer was run was addressed.

1237949

The HTTP 500 Internal Server Error caused by blank StyleSheet setting was addressed.

636868

The issue where the Database Maintenance failed was addressed.

1132904

The issue where SolarWinds Platform agent installed in the root folder ended non-SolarWinds Platform agent processes was addressed.

1190747

The issue where canceling an upgrade stuck on Active Diagnostics tests was addressed.

1185124

The issue where PDF reports generated by alert or report actions were blurred by a Pendo popup was addressed.

444472, 479695

The issue where topology polling timeout was not retained after the upgrade was addressed.

1218043

The issue when running a simple task in the Unmanage Utility was addressed.

561899, 1120328

The issue where special characters in the preview blocked creating a report was addressed.

732106, 1120328

The issue where reports failed due to a 'hexadecimal value 0x01 is an invalid character' message was addressed.

809693

The issue where the SNMPv3 credentials set was updated unexpectedly on the Edit Node view was addressed.

1151608, 1193149, 1202770, 1205056, 1216386, 1231980, 1235579, 1242067, 1252490

The issue where groups based on node custom properties are unsorted in widgets was addressed.

1162222

The issue where a LogAdjuster record for SAML and Account Management was missing was addressed.

615600, 947219, 947737, 989480

The issue where unmanaged status was incorrectly used for group availability was addressed.

46302, 213954, 255637, 691325, 777333

The issue where List Resources cannot proceed a big number of resources thus preventing the user to add a node was addressed.

1094013

The issue with filters in the Worldwide Map widget was addressed.

915697

The issue where Linux agent deployment methods were not working with FIPS was addressed.

938027

The issue where the Discovery job keeps WMI attempts when WMI credentials are deleted was addressed.

**CVEs**

SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.

    

CVE-ID

Vulnerability Title

Description

Severity

Credit

CVE-2022-38111

SolarWinds Platform Deserialization of Untrusted Data Vulnerability

The SolarWinds Platform was susceptible to the Deserialization of Untrusted Data vulnerability. This vulnerability allows a remote adversary with SolarWinds admin-level account access to messaging service to execute arbitrary commands.

7.2 Medium

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

CVE-2022-47504

SolarWinds Platform Deserialization of Untrusted Data Vulnerability

The SolarWinds Platform was susceptible to the Deserialization of Untrusted Data vulnerability. This vulnerability allows a remote adversary with SolarWinds admin-level account access to messaging service to execute arbitrary commands.

8.8 High

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

CVE-2022-47503

SolarWinds Platform Deserialization of Untrusted Data Vulnerability

The SolarWinds Platform was susceptible to the Deserialization of Untrusted Data vulnerability. This vulnerability allows a remote adversary with SolarWinds admin-level account access to messaging service to execute arbitrary commands.

8.8 High

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

CVE-2022-47506

SolarWinds Platform Directory Traversal Vulnerability

The SolarWinds Platform was susceptible to the Directory Traversal vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands.

8.8 High

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

CVE-2022-47507

SolarWinds Platform Deserialization of Untrusted Data Vulnerability

The SolarWinds Platform was susceptible to the Deserialization of Untrusted Data vulnerability. This vulnerability allows a remote adversary with SolarWinds admin-level account access to messaging service to execute arbitrary commands.

8.8 High

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

CVE-2023-23836

SolarWinds Platform Deserialization of Untrusted Data Vulnerability

The SolarWinds Platform was susceptible to the Deserialization of Untrusted Data vulnerability. This vulnerability allows a remote adversary with SolarWinds admin-level account access to messaging service to execute arbitrary commands.

8.8 High

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

**Known issues**

Return to top

 

N/A

2023.1 RC displayed as the GA version in Centralized Upgrades

**Issue**: When you upgrade SolarWinds Platform from 2023.1 RC1 to the GA version, the UI displays upgrade from 2023.1 to 2023.1.

**Workaround**: Not available. Functionality is not impacted.

 

1202271, 1246753

Remanaging nodes triggers the Node Reboot alert

**Issue**: When you unmanage a remanage node, the Node Reboot alert gets triggered.

**Workaround**: Before unmanaging nodes, disable the Node Reboot alert. See Mute alerts.

 

1203621, 1225932, 1234310, 1234575, 1239208, 1241208, 1251663

Database maintenance errors related to CMAN\_Containers

**Issue**: When you run Database Maintenance, errors including CMAN\_Container errors are available in the logs.

**Workaround**: Not available. Functionality is not impacted.

 

1052957, 1240424, 1245960, 1256606, 1257671, 1266763, 1276328, 1267382, 1280926

SolarWinds Information Service performance issues when users without admin rights use PerfStack

**Issue**: If users without administrator rights open PerfStack views after the upgrade to 2023.1, SolarWinds Information Service (SWIS) performance issues might occur. SWIS log includes error messages and the SolarWinds Platform Web Console displays warnings about long-running queries.

**Workaround**: Restart the SWIS service.

**End of life**

Return to top

For modules based on Orion Platform 2020.2.6 and earlier, SolarWinds is announcing future end-of-life plans for your convenience. As always, SolarWinds recommends you upgrade to the latest version of your products at your earliest convenience.

   

Version

EOL Announcements

EOE Effective Dates

EOL Effective Dates

2020.2.6

**April 18, 2023**: End-of-Life (EoL) announcement – Customers on Orion Platform 2020.2.6 should begin transitioning to the latest version of SolarWinds Platform.

**May 18, 2023**: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Orion Platform 2020.2.6 will no longer be actively supported by SolarWinds.

**May 18, 2024**: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Orion Platform 2020.2.6

2020.2.5

**January 18, 2023**: End-of-Life (EoL) announcement – Customers on Orion Platform 2020.2.5 should begin transitioning to the latest version of SolarWinds Platform.

**February 17, 2023**: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Orion Platform 2020.2.5 will no longer be actively supported by SolarWinds.

**February 17, 2024**: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Orion Platform 2020.2.5.

2020.2.4

**October 19, 2022**: End-of-Life (EoL) announcement – Customers on Orion Platform 2020.2.4 should begin transitioning to the latest version of SolarWinds Platform.

**November 18, 2022**: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Orion Platform 2020.2.4 will no longer be actively supported by SolarWinds.

**November 18, 2023**: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Orion Platform 2020.2.4.

2020.2.1

**October 19, 2022**: End-of-Life (EoL) announcement – Customers on Orion Platform 2020.2.1 should begin transitioning to the latest version of SolarWinds Platform.

**November 18, 2022**: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Orion Platform 2020.2.1 will no longer be actively supported by SolarWinds.

**November 18, 2023**: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Orion Platform 2020.2.1.

2020.2

**October 19, 2022**: End-of-Life (EoL) announcement – Customers on Orion Platform 2020.2 should begin transitioning to the latest version of SolarWinds Platform.

**November 18, 2022**: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Orion Platform 2020.2 will no longer be actively supported by SolarWinds.

**November 18, 2023**: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Orion Platform 2020.2.

See the End of Life Policy for information about SolarWinds product lifecycle phases. For supported versions and EoL announcements for all SolarWinds products, see Currently supported software versions.

**Deprecation notices**

Return to top

Deprecated platforms and features are still supported in the current release. However, they will be unsupported in a future release. Plan on upgrading deprecated platforms, and avoid using deprecated features. Customizations applied to a deprecated feature might not be migrated if a new feature replaces the deprecated one.

For information about supported versions of SolarWinds products, see Currently supported software versions.

 

Type

Details

Network Atlas

Network Atlas is deprecated as of Orion Platform 2020.2 and will be removed in a future release. SolarWinds recommends that you start using SolarWinds Platform Maps in the SolarWinds Platform Web Console to display maps of physical and logical relationships between entities monitored by the SolarWinds Platform products you have installed.

Port 17778

SWIS REST Endpoint on port 17778 is deprecated as of 2023.1 and will be replaced with port 17774 in a future release. SolarWinds recommends that you start migrating SWIS REST Endpoint to port 17774.

Internet Explorer 11

Internet Explorer 11 is deprecated as of SolarWinds Platform 2023.1 and will be removed in a future release. See SolarWinds Platform Web Console browser requirements for a list of supported browsers.

**Legal notices**

Return to top

© 2023 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.

CVE-2022-47507: SolarWinds Platform 2023.1 Release Notes

SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands.

*   Government
*   Customer Portal
*   Partners
    *   Portal Login
    *   Program Overview
    *   Become a Partner
*   Events
*   Contact Us
*   English
    *   Deutsch
    *   Español
    *   Français
    *   日本語
    *   한국어
    *   Português
    *   中文

*   PRODUCTS
    
    *   OBSERVABILITY
        
    *   Network Management
        
    *   Systems Management
        
    *   Database Management
        
    *   IT Service Management
        
    *   Application Management
        
    *   IT Security
        
    *   ALL PRODUCTS & FREE TRIALS
        
    
*   Solutions
    
    *   BY NEED
        
    *   BY INDUSTRY
        
    *   BY TECHNOLOGY
        
    
*   Support
    
*   Community
    
    THWACK
    
    Connect with more than 180,000+ community members. Get help, be heard by us and do your job better using our products.
    
    *   View THWACK
    
*   FREE TRIALS

*   Contact Sales
*   Online Quote
*   

*   PRODUCTS
    *   OBSERVABILITY
        *   SolarWinds Observability
        *   Hybrid Cloud Observability
    *   Network Management
        *   Network Performance Monitor
        *   NetFlow Traffic Analyzer
        *   Network Configuration Manager
        *   IP Address Manager
        *   User Device Tracker
        *   VoIP & Network Quality Manager
        *   Network Automation Manager
        *   Log Analyzer
        *   Network Topology Mapper
        *   Engineer's Toolset
        *   ipMonitor
        *   Kiwi CatTools
        *   Kiwi Syslog Server
        *   Network Bandwidth Analyzer Pack
        *   Log and Network Performance Pack
        *   IP Control Bundle
    *   Systems Management
        *   Server & Application Monitor
        *   Virtualization Manager
        *   Storage Resource Monitor
        *   ipMonitor
        *   Serv-U Managed File Transfer
        *   Serv-U Secured FTP
        *   Server Configuration Monitor
        *   Log Analyzer
        *   Access Rights Manager
        *   AppOptics
        *   Web Performance Monitor
        *   Systems Management Bundle
        *   Server Performance & Configuration Bundle
        *   Log and Systems Performance Pack
        *   Application Performance Optimization Pack
        *   IT Operations Manager
        *   Web Application Monitoring & Performance Pack
    *   Database Management
        *   Database Performance Analyzer
        *   SQL Sentry
        *   Database Performance Monitor
        *   Database Mapper
        *   Task Factory
        *   Database Insights for SQL Server
    *   IT Service Management
        *   Service Desk
        *   Web Help Desk
        *   Dameware Remote Everywhere
        *   Dameware Remote Support
        *   Dameware Mini Remote Control
    *   Application Management
        *   SolarWinds Observability
        *   AppOptics
        *   Server & Application Monitor
        *   Loggly
        *   Log Analyzer
        *   Papertrail
        *   Pingdom
    *   IT Security
        *   Access Rights Manager
        *   Security Event Manager
        *   Server Configuration Monitor
        *   Patch Manager
        *   Identity Monitor
        *   Serv-U Managed File Transfer
        *   Serv-U Secured FTP
        *   Serv-U Gateway
*   Solutions
    *   BY NEED
        *   Hybrid Cloud Observability
        *   SolarWinds Observability
        *   Database Management
        *   Application Performance Management
        *   SolarWinds Orion Platform
        *   Network Management
        *   IT Asset Management
        *   IT Security
        *   IT Operations Management
        *   IT Help Desk
        *   Remote Monitoring
        *   Infrastructure
        *   IT Service Management
        *   IT Automation
        *   Compliance
        *   Remote Infrastructure Management
        *   Hybrid Systems Monitoring
        *   Secure Remote Access
    *   BY INDUSTRY
        *   Small Business
        *   Enterprise
        *   Education
        *   Public Sector
    *   BY TECHNOLOGY
        *   Azure
        *   Active Directory
        *   Cisco
        *   Office 365
        *   MySQL
        *   SQL Diagnostic
*   Support
    *   Renew Maintenance
        *   Renew Maintenance
        *   Learn about Auto-Renewal
    *   Access the Success Center
        *   Access the Success Center
        *   Onboarding/Deployment Services
        *   Premium Support Offerings
    *   Technical Support
        *   Americas: +1-512-682-9300
        *   EMEA: +353 21 5002900
        *   APAC: +65 6593 7600
        *   Submit a Ticket
        *   Supported Versions
        *   End of Life Policy
        *   End of Life Policy for SaaS Products
    *   Training & Certification
        *   SolarWinds Academy
        *   SolarWinds Certified Professional
    *   Customer Portal
        *   Access the Customer Portal
*   Community
    *   THWACK
        *   View THWACK
    *   Orange Matter
        *   View Orange Matter
    *   LogicalRead Blog
        *   View LogicalRead Blog
    *   Secure by Design Resource Center
        *   View Resources
*   FREE TRIALS
    
*   Contact Sales
    
*   Online Quote
    
*   View All Products View Free Tools

SolarWinds Platform Deserialization of Untrusted Data Vulnerability (CVE-2023-23836)

**Summary**

SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands.

**Affected Products**

*   SolarWinds Platform 2022.4.1

**Fixed Software Release**

*   SolarWinds Platform 2023.1

**Acknowledgments**

*   Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

**Advisory Details**

**First Published**

02/15/2023

**Fixed Version**

SolarWinds Platform 2023.1

**Workarounds**

SolarWinds recommends customers upgrade to SolarWinds Platform version 2023.1 as soon as it becomes available. The expected release is by the end of February 2023. SolarWinds also recommends customers to follow the guidance provided in the SolarWinds Secure Configuration Guide, and ensure only authorized users can access the SolarWinds Platform. Special attention should be given to the following points from the documentation:

*   Be careful not to expose your SolarWinds Platform website on the public internet. If you must enable outbound internet access from SolarWinds servers, create a strict allow list and block all other traffic. See SolarWinds Platform Product Features Affected by Internet Access.
*   Disable unnecessary ports, protocols, and services on your host operating system and on applications like SQL Server. For more details, see the SolarWinds Port Requirements guide and Best practices for configuring Windows Defender Firewall (© 2023 Microsoft, available at https://docs.microsoft.com, obtained on January 10, 2023.)
*   Apply proper segmentation controls on the network where you have deployed the SolarWinds Platform and SQL Server instances.
*   Configure the firewall for the main polling engine to limit and restrict all inbound and outbound access for port 5671. Port 5671 should only communicate to your other SolarWinds Servers (in case of High Availability, both Active and Standby Primary Polling Engine Servers). You can check these by querying the Orion Servers table in the SolarWinds Platform database. Ensure this rule is updated when the configuration of SolarWinds Platform changes, for example, when you add new servers.

We’re Geekbuilt.®

Developed by network and systems engineers who know what it takes to manage today's dynamic IT environments, SolarWinds has a deep connection to the IT community.

The result? IT management products that are effective, accessible, and easy to use.

© 2023 SolarWinds Worldwide, LLC. All rights reserved.

CVE-2023-23836: SolarWinds Trust Center Security Advisories | CVE-2023-23836

Red Hat Security Advisory 2023-0758-01 - This release of Red Hat build of Quarkus 2.13.7 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include code execution, denial of service, deserialization, and information leakage vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat build of Quarkus 2.13.7 release and security update  
Advisory ID:       RHSA-2023:0758-01  
Product:           Red Hat build of Quarkus  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0758  
Issue date:        2023-02-14  
CVE Names:         CVE-2022-1471 CVE-2022-41881 CVE-2022-41946   
                   CVE-2022-45047 CVE-2023-0044   
=====================================================================

1. Summary:

An update is now available for Red Hat build of Quarkus.

Red Hat Product Security has rated this update as having a security impact  
of  
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a  
detailed severity rating, is available for each vulnerability. For more  
information, see the CVE links in the References section.

2. Description:

This release of Red Hat build of Quarkus 2.13.7 includes security updates,  
bug  
fixes, and enhancements. For more information, see the release notes page  
listed in the References section.

Security Fix(es):

* CVE-2022-1471 snakeyaml: Constructor Deserialization Remote Code  
Execution [quarkus-2.13]

* CVE-2022-41881 codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS  
[quarkus-2.13]

* CVE-2022-45047 sshd-common: mina-sshd: Java unsafe deserialization  
vulnerability [quarkus-2.13]

* CVE-2023-0044 quarkus-vertx-http: a cross-site attack may be initiated  
which might lead to the Information Disclosure [quarkus-2.13]

* CVE-2022-41946 jdbc-postgresql: postgresql-jdbc:  
PreparedStatement.setText(int, InputStream) will create a temporary file if  
the InputStream is larger than 2k [quarkus-2.13]

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2145194 - CVE-2022-45047 mina-sshd: Java unsafe deserialization vulnerability  
2150009 - CVE-2022-1471 SnakeYaml: Constructor Deserialization Remote Code Execution  
2153379 - CVE-2022-41881 codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS  
2153399 - CVE-2022-41946 postgresql-jdbc: PreparedStatement.setText(int, InputStream) will create a temporary file if the InputStream is larger than 2k  
2158081 - CVE-2023-0044 quarkus-vertx-http: a cross-site attack may be initiated which might lead to the Information Disclosure

5. References:

https://access.redhat.com/security/cve/CVE-2022-1471  
https://access.redhat.com/security/cve/CVE-2022-41881  
https://access.redhat.com/security/cve/CVE-2022-41946  
https://access.redhat.com/security/cve/CVE-2022-45047  
https://access.redhat.com/security/cve/CVE-2023-0044  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=redhat.quarkus&downloadType=distributions&version=2.13.7  
https://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/2.13/  
https://access.redhat.com/articles/4966181

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+vS5tzjgjWX9erEAQi0OQ/+Mgak6d18DR8wCQDeY7f0vj2o3dOhxsE0  
wgo5LZhoghb0R9pXnEKL5cYgJlXr0XiDDNxJPUzplK9+v3gLLdIr3TtNDge56/+p  
hdCjru2lHe5q8I2KBjVKZr2gNX+xIcavSNf9R2zD0LnG8CEslrSYS/6nBycWnp9A  
aWikyfve5zKCgoNrcBdaRM3LNnzCNAfEHe7pRuMjSjzY4E1FQUlO+FctDH0ICI/C  
0SGZdRos1gM1sPET7eZX9thButpUBSBBNLAgrtbtBHji4eiZtA5TPCDK+TP7SnVb  
QvKFXF10BZpG6f2rknahUcvnsqnFaQMj6a5wSYwoNqtbaJbnbW+FdM29OSjNYorN  
5wO2IUDiS3XfbuAeqCA1CF9G+XAmIBtest7ZDRRKqn4lZHz0+s0/qkbI+5tfQ9fm  
elYU8OBxDC2FCDjsjc3GbXm1skMHFXIZQIBXaN4E6FOjWJQXh++23yD0JoVMTB1h  
iPtPbWdlH5li99Myvkiz6V0u5ejbVCjNEQXNsl6Cf5b05h84qfxizfPqHS0Cyn6f  
idpzGqE7LxWBlSgbiImVLKHD1RnlAlrblspQizTZYK6z1BApExgzJX2d8fwbphTX  
/ZiPZqsVKyLobj8MRpFLpf0evRYhEcSdk0VbiLL+/yQ5oFfH2SYmy1N/kbGfTUcS  
OMvJd4+JZOY=  
=EubT  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0758-01

Red Hat Security Advisory 2023-0759-01 - PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Virtualization security and bug fix update  
Advisory ID:       RHSA-2023:0759-01  
Product:           Red Hat Virtualization  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0759  
Issue date:        2023-02-14  
CVE Names:         CVE-2022-41946   
=====================================================================

1. Summary:

An update for ovirt-ansible-collection, ovirt-engine, and postgresql-jdbc  
is now available for Red Hat Virtualization 4 Tools for Red Hat Enterprise  
Linux 8, Red Hat Virtualization 4 for Red Hat Enterprise Linux 8, and Red  
Hat Virtualization Engine 4.4.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch  
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - noarch  
Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8 - noarch

3. Description:

PostgreSQL is an advanced object-relational database management system. The  
postgresql-jdbc package includes the .jar files needed for Java programs to  
access a PostgreSQL database.

Security Fix(es):

* postgresql-jdbc: PreparedStatement.setText(int, InputStream) will create  
a temporary file if the InputStream is larger than 2k (CVE-2022-41946)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* With this release, the upgrade function of the ovirt_host module waits  
long enough for the upgraded host to reach the desired state after upgrade.  
(BZ#2161703)

* Previously,the ovirt-enghine ansible-runner artifacts were only cleaned  
once, and the machine could run out of free disk space on the /var  
partition. In this release, the artifacts are cleaned periodically  
according to values defined in the  
AnsibleRunnerArtifactsCleanupCheckTimeInHours and  
AnsibleRunnerArtifactsLifetimeInDays engine-config options. (BZ#2151549)

* Code change for BZ2089299 introduced a regression, which didn't allow to  
set options in the engine-config which restricted the allowable values  
using the validValues field (for example ClientModeVncDefault or  
UserSessionTimeOutInterval).  
In this release, setting values for those fields works the same way as in  
RHV versions earlier than RHV 4.4 SP1 batch 3 (ovirt-engine-4.5.3).  
(BZ#2159768)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/2974891

If the postgresql service is running, it will be automatically restarted  
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

2151549 - Artifacts of ansible-runner (executed from ovirt-engine) did not clean up as expected  
2153399 - CVE-2022-41946 postgresql-jdbc: PreparedStatement.setText(int, InputStream) will create a temporary file if the InputStream is larger than 2k  
2159768 - Regression in ClientModeVncDefault  
2161703 - [RHEVM] Two nodes cluster upgrade failed, tries to put a node into maintenance while the updated is rebooting

6. Package List:

Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8:

Source:  
ovirt-ansible-collection-2.4.2-1.el8ev.src.rpm

noarch:  
ovirt-ansible-collection-2.4.2-1.el8ev.noarch.rpm

Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts:

Source:  
ovirt-ansible-collection-2.4.2-1.el8ev.src.rpm

noarch:  
ovirt-ansible-collection-2.4.2-1.el8ev.noarch.rpm

RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:

Source:  
ovirt-ansible-collection-2.4.2-1.el8ev.src.rpm  
ovirt-engine-4.5.3.7-1.el8ev.src.rpm  
postgresql-jdbc-42.2.14-2.el8ev.src.rpm

noarch:  
ovirt-ansible-collection-2.4.2-1.el8ev.noarch.rpm  
ovirt-engine-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-backend-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-dbscripts-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-health-check-bundler-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-restapi-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-setup-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-setup-base-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-setup-plugin-cinderlib-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-setup-plugin-imageio-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-setup-plugin-ovirt-engine-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-setup-plugin-ovirt-engine-common-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-setup-plugin-websocket-proxy-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-tools-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-tools-backup-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-vmconsole-proxy-helper-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-webadmin-portal-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-websocket-proxy-4.5.3.7-1.el8ev.noarch.rpm  
postgresql-jdbc-42.2.14-2.el8ev.noarch.rpm  
postgresql-jdbc-javadoc-42.2.14-2.el8ev.noarch.rpm  
python3-ovirt-engine-lib-4.5.3.7-1.el8ev.noarch.rpm  
rhvm-4.5.3.7-1.el8ev.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41946  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+vS49zjgjWX9erEAQhjjhAApzZIpZYF+1xWecL2Ui75tOcKQIzGw6ld  
F3izXJ3z275BSIxG4/cVHurn41iRBv8HtdEUsOJUop3mBCGudAKBWHK+fiL18RDK  
kPR+rpzMLuoh+qrEbDj0tY9BT7kHroPxLffZHwTBtjPUw0gxvkQ95kEOcA04KFbT  
xFNZ2JcvTmGS+sKx++ca1+ZmjcWBvpNGYum+KbaU8OnbOMy/tOArJa+yf43nZeCP  
SSqIpDOD8ssPUBrqt1i3CjHL/uG8PVTyzP3q7NgXpK3GLnBQSR2OPoi0X2yum3Cj  
reyQSyvjqTg7Cz5B84GUCyyIsxrMp3CxnNXR2sKKvtDFFYNyJhOeDe+BkynSiIw7  
JQtPlO6wIl6rkTo5Q7OSA+bBtBkCkGq/8N/CiaDRb23b+02kerbQ/oiMB0CcyNPw  
RFWLgD6BBEjCGXAY4Rb42S+Jnmz6WYiux4DHChIaqxfCOlYNL5pCjIXxI7xyMB6m  
I7e2i5JUdJRobByvcEZ7piWFvqhx4FV17zFRfE8CEg0+HrXO32xg3hyh1kyRxarv  
7s8Ll3eMpb/IxwVaSyA0CrA3f6Us4C5zdRYAFfUDGqgW8fXKtXR5iu/W4MYzvADm  
XiHW0rOsBj3RQuit4bYrF4k3rQjQlD4MT5cKP4CmZ2wB04j5hVdmQVsqbb9Ayr87  
2D/UH7xkQuw=  
=BAYA  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0759-01

BMC Control M versions prior to 9.0.20.214 suffer from SQL injection, denial of service, and information leaks.

BMC Control M SQL Injection / Denial Of Service

Possible RCE and denial-of-service issue discovered in Kafka Connect

Charlie Osborne 15 February 2023 at 14:01 UTC  
Updated: 15 February 2023 at 16:14 UTC

Possible RCE and denial-of-service issue discovered in Kafka Connect

  

Apache has resolved a vulnerability potentially exploitable to launch remote code execution (RCE) attacks using Kafka Connect.

Announced on February 8, the critical vulnerability is tracked as CVE-2023-25194. It was discovered in Apache Kafka Connect, a free, open source component of Apache Kafka that operates as a central hub for data integration between systems, databases, and key-value stores.

Apache claims that more than 80% of Fortune 100 organizations use the Kafka platform, including approximately seven out of every 10 banks.

Read more of the latest web security vulnerability news

According to Apache’s mailing list note, the security flaw was discovered by bug bounty hunter Jari Jääskelä, who reported the issue via Aiven’s HackerOne bug bounty program.

The vulnerability can only be triggered when there is access to a Kafka Connect worker – a logical work unit component – and the user must also be able to create or modify worker connectors with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol.

**Log4Shell connection**

The vulnerability involves the Lightweight Directory Access Protocol (LDAP) and Java Naming and Directory Interface (JNDI) endpoints, as was the case with ‘Log4Shell’, the landmark vulnerability discovered in ubiquitous Java logging library Apache Log4j in 2021. JNDI is also involved in another, newly disclosed critical vulnerability in Apache Sling JCR Base.

With the Kafka bug, an authenticated attacker could configure a specific connector property via either the Aiven API or the Kafka Connect REST API, forcing a worker to connect to an attacker-controlled LDAP server.

“The server will connect to the attacker’s LDAP server and it deserializes the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka Connect server,” the advisory reads. “Attacker\[s\] can execute commands on the server and access other resources on the network.”

When each prerequisite exists, Apache says it would be possible to perform JNDI requests, potentially leading to the execution of remote code or denial-of-service attacks.

**Disclosure**

The report was first submitted to Aiven via the organization’s bug bounty program on April 4, 2022. Triage took place in May and Jääskelä was awarded a $5,000 reward for their efforts before the issue was fixed and publicly disclosed.

Apache Kafka versions 2.3.0-3.3.2 were impacted, and the vulnerability was fixed in version 3.4.0.

The organization notes that since Kafka 3.0.0, users have been able to specify the connector configuration properties used in the attack chain. A new property has been added that disables problematic login module usage in the SASL JAAS configuration in version 3.4.0, alongside additional security measures.

Apache said: “We advise the Kafka Connect users to validate connector configurations and only allow trusted JNDI configurations. Also, examine connector dependencies for vulnerable versions and either upgrade their connectors, upgrading that specific dependency, or removing the connectors as options for remediation.”

Jääskelä also submitted a second critical vulnerability report concerning Apache Kafka in the same month.

The Aiven JDBC sink, including the SQLite JDBC driver, could be abused with an unprotected Jolokia bridge to execute RCE on Kafka Connect servers. The bug bounty hunter was awarded $5,000 for this report, and the security issue has since been resolved.

The Daily Swig has reached out to the Apache project and we will update this story as and when we hear back.

YOU MAY ALSO LIKE OAuth ‘masterclass’ crowned top web hacking technique of 2022

Remote code execution flaw patched in Apache Kafka

Microsoft on Tuesday released security updates to address 75 flaws spanning its product portfolio, three of which have come under active exploitation in the wild.
The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based Edge browser over the past month.
Of the 75 vulnerabilities, nine are rated Critical and 66 are rated Important in severity. 37 out of 75 bugs are

Patch Tuesday / Software Updates

Microsoft on Tuesday released security updates to address 75 flaws spanning its product portfolio, three of which have come under active exploitation in the wild.

The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based Edge browser over the past month.

Of the 75 vulnerabilities, nine are rated Critical and 66 are rated Important in severity. 37 out of 75 bugs are classified as remote code execution (RCE) flaws. The three zero-days of note that have been exploited are as follows -

*   **CVE-2023-21715** (CVSS score: 7.3) - Microsoft Office Security Feature Bypass Vulnerability
*   **CVE-2023-21823** (CVSS score: 7.8) - Windows Graphics Component Elevation of Privilege Vulnerability
*   **CVE-2023-23376** (CVSS score: 7.8) - Windows Common Log File System (CLFS) Driver Elevation of Privilege Vulnerability

"The attack itself is carried out locally by a user with authentication to the targeted system," Microsoft said in advisory for CVE-2023-21715.

"An authenticated attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer."

Successful exploitation of the above flaws could enable an adversary to bypass Office macro policies used to block untrusted or malicious files or gain SYSTEM privileges.

CVE-2023-23376 is also the third actively exploited zero-day flaw in the CLFS component after CVE-2022-24521 and CVE-2022-37969 (CVSS scores: 7.8), which were addressed by Microsoft in April and September 2022.

"The Windows Common Log File System Driver is a component of the Windows operating system that manages and maintains a high-performance, transaction-based log file system," Immersive Labs' Nikolas Cemerikic said.

"It is an essential component of the Windows operating system, and any vulnerabilities in this driver could have significant implications for the security and reliability of the system."

It's worth noting that Microsoft OneNote for Android is vulnerable to CVE-2023-21823, and with the note-taking service increasingly emerging as a conduit for delivering malware, it's crucial that users apply the fixes.

Also addressed by Microsoft are multiple RCE defects in Exchange Server, ODBC Driver, PostScript Printer Driver, and SQL Server as well as denial-of-service (DoS) issues impacting Windows iSCSI Service and Windows Secure Channel.

Three of the Exchange Server flaws are classified by the company as "Exploitation More Likely," although successful exploitation requires the attacker to be already authenticated.

Exchange servers have proven to be high-value targets in recent years as they can enable unauthorized access to sensitive information, or facilitate Business Email Compromise (BEC) attacks.

**Software Patches from Other Vendors**

Besides Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including —

*   Adobe
*   AMD
*   Android
*   Apple
*   Atlassian
*   Cisco
*   Citrix
*   CODESYS
*   Dell
*   Drupal
*   F5
*   GitLab
*   Google Chrome
*   HP
*   IBM
*   Intel
*   Juniper Networks
*   Lenovo
*   Linux distributions Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
*   MediaTek
*   Mozilla Firefox, Firefox ESR, and Thunderbird
*   NETGEAR
*   NVIDIA
*   Palo Alto Networks
*   Qualcomm
*   Samba
*   Samsung
*   SAP
*   Schneider Electric
*   Siemens
*   Sophos
*   Synology
*   Trend Micro
*   VMware
*   Zoho, and
*   Zyxel

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Update Now: Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities

Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability

Tag

#sql