In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.

**Remedial Actions**

To address all the vulnerabilities listed below, upgrade to version 8.3.0.2, 9.0.0.1, 9.1.0.1, or 10.0 and apply the appropriate HotFix linked above.

**Issue**

**Issue #1: Unauthorized account creation, modification**

Under specific conditions an authenticated remote attacker may be able to create or modify accounts.

*   CVE ID: To Be Assigned
*   Severity: Critical
*   CVSS v3.1 Base Score: 9.9 (/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
*   Affected Versions: 10.0 and earlier
*   Recommended actions:
    *   Review OpsCenter user accounts to ensure this vulnerability has not been exploited in your OpsCenter implementation. Use these instructions to view the OpsCenter user account information.
    *   Upgrade to 8.3.0.2 or 9.0.0.1, or 9.1.0.1, or 10.0 and apply the appropriate HotFix.

**Issue #2: Remote command execution.**

An unauthenticated remote attacker may compromise the host by exploiting an incorrectly patched vulnerability.

*   CVE ID: To Be Assigned
*   Severity: Critical
*   CVSS v3.1 Base Score: 9.8 (/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
*   Affected Versions: 9.1.0.1 and earlier
*   Recommended action: Upgrade to 8.3.0.2 or 9.0.0.1, or 9.1.0.1, or 10.0 and apply the HotFix as needed.

**Issue #3: Remote command execution.**

An unauthenticated remote attacker may be able to perform a remote command execution through a Java classloader manipulation.

*   CVE ID: To Be Assigned
*   Severity: Critical
*   CVSS v3.1 Base Score: 9.8 (/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
*   Affected Versions: 8.2 and earlier
*   Recommended action: Upgrade to 8.3.0.2 or 9.0.0.1, or 9.1.0.1, or 10.0.

**Issue #4: Path Traversal vulnerability**

NetBackup OpsCenter may be vulnerable to a Path Traversal attack via esapi-2.2.3.1 third party component.

*   CVE ID: CVE-2022-23457
*   Severity: Critical
*   CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
*   Affected Versions: 10.0 and earlier
*   Recommended action: Upgrade to 8.3.0.2 or 9.0.0.1, or 9.1.0.1, or 10.0 and apply the HotFix.

**Issue #5: Local privilege escalation**

An attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges.

*   CVE ID: To Be Assigned
*   Severity: Critical
*   CVSS v3.1 Base Score: 9.3 (/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
*   Affected Versions: 8.2 and earlier
*   Recommended action: Upgrade to 8.3.0.2 or 9.0.0.1, or 9.1.0.1, or 10.0.

**Issue #6: Hard coded credentials vulnerability**

A hard-coded credential was discovered in NetBackup OpsCenter that could be used to exploit the underlying VxSS subsystem

*   CVE ID: TBA
*   Severity: High
*   CVSS v3.1 Base Score: 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
*   Affected Versions: 10.0 and earlier
*   Recommended action: Upgrade to 8.3.0.2 or 9.0.0.1, or 9.1.0.1, or 10.0 and apply the appropriate HotFix.

**Issue #7: DOM XSS vulnerability**

NetBackup OpsCenter is vulnerable to a DOM XSS attack.

*   CVE ID: TBA
*   Severity: Medium
*   CVSS v3.1 Base Score: 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
*   Affected Versions: 10.0 and earlier
*   Recommended action: Upgrade to 8.3.0.2 or 9.0.0.1, or 9.1.0.1, or 10.0 and apply the appropriate HotFix.

**Issue #8: Information leakage**

Certain OpsCenter endpoints could allow an unauthenticated remote attacker to gain sensitive information.

*   CVE ID: To Be Assigned
*   Severity: Medium
*   CVSS v3.1 Base Score: 4.3 (/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
*   Affected Versions: 8.2 and earlier
*   Recommended action: Upgrade to 8.3.0.2 or 9.0.0.1, or 9.1.0.1, or 10.0.

**Acknowledgement**

Veritas would like to thank the following Airbus Security Team members for notifying us about several of the issues in this advisory: Mouad Abouhali, Benoit Camredon, Nicholas Devillers, Anais Gantet, and Jean-Romain Garnier.

**Disclaimer**

AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. VERITAS TECHNOLOGIES LLC SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

Veritas Technologies LLC  
2625 Augustine Drive  
Santa Clara, CA 95054

CVE-2022-36952: HotFix for Security Advisory Impacting NetBackup OpsCenter

In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.

CVE-2022-36949: HotFix for Security Advisory Impacting NetBackup OpsCenter

In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.

CVE-2022-36954: HotFix for Security Advisory Impacting NetBackup OpsCenter

In Veritas NetBackup OpsCenter, certain endpoints could allow an unauthenticated remote attacker to gain sensitive information. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.

CVE-2022-36953: HotFix for Security Advisory Impacting NetBackup OpsCenter

Red Hat Security Advisory 2022-4931-01 - The RHV-M Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: RHV Appliance (rhvm-appliance) security update [ovirt-4.5.0]  
Advisory ID:       RHSA-2022:4931-01  
Product:           Red Hat Virtualization  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4931  
Issue date:        2022-06-07  
CVE Names:         CVE-2021-3677  
====================================================================  
1. Summary:

Updated RHV-M Appliance packages that fix several bugs and add various  
enhancements are now available.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Virtualization 4 Hypervisor for RHEL 8 - x86_64  
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - x86_64

3. Description:

The RHV-M Appliance automates the process of installing and configuring the  
Red Hat Virtualization Manager. The appliance is available to download as  
an OVA file from the Customer Portal.

Security Fix(es):

* postgresql: memory disclosure in certain queries (CVE-2021-3677)

For more details about the security issue(s), including the impact, a CVSS  
score, and other related information, refer to the CVE page(s) listed in  
the References section.

Bug Fix(es):

* RHV-M Appliance rebased on RHEL 8.6 (BZ#1997073)

* Previously, a self-hosted engine deployment failed when an OpenSCAP  
security profile was applied, resulting in the SSH key permissions being  
changed to 0640. In this release, the permissions are not changed and the  
deployment succeeds. (BZ#2011309)

* rng-tools, rsyslog-gnutls, usbguard packages added to the RHV-M Appliance  
to comply with DISA-STIG profile requirements (BZ#2070963)

* OVA package manifest added to the RHV-M Appliance RPM. (BZ#2070980)

* Previously, the nodejs package was downgraded during the RHV-M  
installation.  
In this release, the correct version of the nodejs package is installed and  
maintained. (BZ#2075852)

* RHV-M Appliance rebased on Ceph 4.3 (BZ#2090137)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/2974891

5. Bugs fixed (https://bugzilla.redhat.com/):

1958396 - RHV installation process downgrades some packages  
1997073 - Rebase RHV-M Appliance on RHEL 8.6.0  
2001857 - CVE-2021-3677 postgresql: memory disclosure in certain queries  
2011309 - sshd service fails to start after rebooting to apply FIPS settings  
2050071 - Use authselect in RHV-H and appliance images  
2056146 - Hosted engine deployed failed since no enabled repositories can be found for engine setup.  
2070963 - Include packages needed by DISA STIG  
2070980 - [RFE] Include a manifest in the rpm  
2073965 - [Hosted Engine]Error message  "Destination directory /etc/fapolicyd/rules.d does not exist" is displayed but it is existed  
2075852 - nodejs module not enabled causes nodejs downgrade to version 10  
2090137 - Rebase rhvm-appliance on ceph 4.3

6. Package List:

Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts:

Source:  
rhvm-appliance-4.5-20220603.1.el8ev.src.rpm

x86_64:  
rhvm-appliance-4.5-20220603.1.el8ev.x86_64.rpm

Red Hat Virtualization 4 Hypervisor for RHEL 8:

Source:  
rhvm-appliance-4.5-20220603.1.el8ev.src.rpm

x86_64:  
rhvm-appliance-4.5-20220603.1.el8ev.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3677  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuFj29zjgjWX9erEAQjj7RAAluJoSnFbhfCHvE/0HwzZIXt+LC5+QPor  
HffFFR3MtPWTmQtlJCuFoyhRfBNU7CgUyEyOJI3BKycXv/NlpVRDQroRWQPz0tLF  
ZmwByCjauSZ4OLCikYLDuIuZUHZPWWOLAh9d0wP1Im9GvYkaKiTIjvLMNsQt5U8h  
NTADL/9OJMXpFDa6IvfpeBZXDnYUYUZEYhFKfZTHuSeOHcsRnPPRd3TcikLroxma  
+Rqwn4VkN2CnJS0Z8XYf6Y7PCOif0ynxE7GH5xOEJ9qT36ikjw427bOBSMB4xU6K  
0JWvYMVPv7d9BNxQhJe1F+Eg/vKLe6fZp1LLPS8BSK4uWoFsUOYaGDiPk/JdWUon  
1YrH96YphQYxBtOz+4DITFsMe8TV9uDbq1P3zlHdCFRaCTiZFX0wk3ZgRvnF7TP2  
9pWV0LEUwgjHs7nlVkdAxqQGJEz3U+CcGlwW9T4pji86J+nszzqZY9vdVcgMUetv  
4jbVFkMr4bSoJwjIQVTSC5/BgbBvdG0cgGLNeamYfBXN5MROE2MkLR9n+PIrTUGG  
vmaS+Ak8yNDX2r7P2dh62ebncnNu2z7gVl9DY3NwbxWArCvdxE9P0JfB7ogvLxv7  
F1aHF4dJYnd3ABkmIvdTyWo8lLMH/EKPaxCCp489q4WJvOG9L+xH6l+SYoKA6x5t  
OUChjlkp1dQ=hW7D  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-4931-01

Red Hat Security Advisory 2022-5596-01 - This release of Red Hat build of Quarkus 2.7.6 includes security updates, bug fixes, and enhancements. Issues addressed include a denial of service vulnerability.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256====================================================================                   Red Hat Security AdvisorySynopsis:          Moderate: Red Hat build of Quarkus 2.7.6 release and security updateAdvisory ID:       RHSA-2022:5596-01Product:           Red Hat build of QuarkusAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:5596Issue date:        2022-07-19CVE Names:         CVE-2020-36518====================================================================1. Summary:An update is now available for Red Hat build of Quarkus. Red Hat ProductSecurity has rated this update as having a security impact of Moderate. ACommon Vulnerability Scoring System (CVSS) base score, which gives adetailed severity rating, is available for each vulnerability. For moreinformation, see the CVE links in the References section.2. Description:This release of Red Hat build of Quarkus 2.7.6 includes security updates,bugfixes, and enhancements. For more information, see the release notes pagelistedin the References section.Security Fix(es):* CVE-2020-36518 jackson-databind: denial of service via a large depth ofnested objects [quarkus-2]3. Solution:Before applying the update, back up your existing installation, includingallapplications, configuration files, databases and database settings, and soon.The References section of this erratum contains a download link for theupdate.You must be logged in to download the update.4. Bugs fixed (https://bugzilla.redhat.com/):2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects5. References:https://access.redhat.com/security/cve/CVE-2020-36518https://access.redhat.com/security/updates/classification/#moderatehttps://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/2.7/https://access.redhat.com/articles/49661816. Contact:The Red Hat security contact is <secalert@redhat.com>. More contactdetails at https://access.redhat.com/security/team/contact/Copyright 2022 Red Hat, Inc.-----BEGIN PGP SIGNATURE-----Version: GnuPG v1iQIVAwUBYuFkTtzjgjWX9erEAQhVwA/9HDoYsZc/1EEAG+m5aEGmL4Y+xh4focYSdXKiKg6BTY/GvdCkxseYf4rGsQqEagQ6eEqJNJHFDY8RJsg/hnhz57W0cUprZzC0HGa6iPBylPII5PBZ0kwjVpezz1onEWJ4TTd19fvlKrL5DCRT4ftlVl4N+ER9l4Ig0NRJ2C12tLs7Qe9U4Wl6+pP5OppxMx1chOH4i3TlRfJDDBLqbzrNnjs4WZvMl5bCKQwzT1l4dMBai2elzkmW4uizkSPrYQ/DYubUk2gctqDb0h5NURMWXC1Pxdiah+uNOgAa+HtNMzob7SkcUTQzO2M+z/8vsDnnOjq4mVAUhBMHKgDJv0d6/YRoyH4HMOeXYBurEbM4TWTCyeeSCCdScMKyKJXlgRf7gm5rVJC77jnB1T/HgrlzgUTtgq/YGk8e5RJqvUgGNSfIjqVP8BnzRoOr05kOemc2591FD+koFF0/Vt8VylMs4S0FRNCKq/bO/uznpR595k8oGTdeHDXJ9zczyIiUQU/J/JNPdTuAVB6c0aaec8wYQ2h75bl/5C8pTsQ3pVidzccmLorNoNKARsEDj8QU8KacvV475oLAA/6LQrOEpKTl3I3EcKX8FhLumjHb6gEYQMuON6RuIS2G3cOERLkRuEMYJpZgOCsIZ1zIiNH+7s85qmtA1R2Zmcbe3FiPyr0wEi8=Tk+0-----END PGP SIGNATURE-------RHSA-announce mailing listRHSA-announce@redhat.comhttps://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5596-01

Red Hat Security Advisory 2022-5532-01 - This release of Red Hat Fuse 7.11.0 serves as a replacement for Red Hat Fuse 7.10 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Issues addressed include HTTP request smuggling, bypass, code execution, denial of service, deserialization, information leakage, memory leak, privilege escalation, and traversal vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Red Hat Fuse 7.11.0 release and security update  
Advisory ID:       RHSA-2022:5532-01  
Product:           Red Hat JBoss Fuse  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5532  
Issue date:        2022-07-07  
CVE Names:         CVE-2020-7020 CVE-2020-9484 CVE-2020-15250  
                   CVE-2020-25689 CVE-2020-29582 CVE-2020-36518  
                   CVE-2021-2471 CVE-2021-3629 CVE-2021-3642  
                   CVE-2021-3644 CVE-2021-3807 CVE-2021-3859  
                   CVE-2021-4178 CVE-2021-22060 CVE-2021-22096  
                   CVE-2021-22119 CVE-2021-22569 CVE-2021-22573  
                   CVE-2021-24122 CVE-2021-25122 CVE-2021-25329  
                   CVE-2021-29505 CVE-2021-30640 CVE-2021-33037  
                   CVE-2021-33813 CVE-2021-35515 CVE-2021-35516  
                   CVE-2021-35517 CVE-2021-36090 CVE-2021-38153  
                   CVE-2021-40690 CVE-2021-41079 CVE-2021-41766  
                   CVE-2021-42340 CVE-2021-42550 CVE-2021-43797  
                   CVE-2021-43859 CVE-2022-0084 CVE-2022-1259  
                   CVE-2022-1319 CVE-2022-21363 CVE-2022-21724  
                   CVE-2022-22932 CVE-2022-22950 CVE-2022-22968  
                   CVE-2022-22970 CVE-2022-22971 CVE-2022-22976  
                   CVE-2022-22978 CVE-2022-23181 CVE-2022-23221  
                   CVE-2022-23596 CVE-2022-23913 CVE-2022-24614  
                   CVE-2022-25845 CVE-2022-26336 CVE-2022-26520  
                   CVE-2022-30126  
====================================================================  
1. Summary:

A minor version update (from 7.10 to 7.11) is now available for Red Hat  
Fuse. The purpose of this text-only errata is to inform you about the  
security issues fixed in this release.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

This release of Red Hat Fuse 7.11.0 serves as a replacement for Red Hat  
Fuse 7.10 and includes bug fixes and enhancements, which are documented in  
the Release Notes document linked in the References.

Security Fix(es):

* fastjson (CVE-2022-25845)

* jackson-databind (CVE-2020-36518)

* mysql-connector-java (CVE-2021-2471, CVE-2022-21363)

* undertow (CVE-2022-1259, CVE-2021-3629, CVE-2022-1319)

* wildfly-elytron (CVE-2021-3642)

* nodejs-ansi-regex (CVE-2021-3807, CVE-2021-3807)

* 3 qt (CVE-2021-3859)

* kubernetes-client (CVE-2021-4178)

* spring-security (CVE-2021-22119)

* protobuf-java (CVE-2021-22569)

* google-oauth-client (CVE-2021-22573)

* XStream (CVE-2021-29505, CVE-2021-43859)

* jdom (CVE-2021-33813, CVE-2021-33813)

* apache-commons-compress (CVE-2021-35515, CVE-2021-35516, CVE-2021-35517,  
CVE-2021-36090)

* Kafka (CVE-2021-38153)

* xml-security (CVE-2021-40690)

* logback (CVE-2021-42550)

* netty (CVE-2021-43797)

* xnio (CVE-2022-0084)

* jdbc-postgresql (CVE-2022-21724)

* spring-expression (CVE-2022-22950)

* springframework (CVE-2021-22096, CVE-2021-22060, CVE-2021-22096,  
CVE-2022-22976, CVE-2022-22970, CVE-2022-22971, CVE-2022-22978)

* h2 (CVE-2022-23221)

* junrar (CVE-2022-23596)

* artemis-commons (CVE-2022-23913)

* elasticsearch (CVE-2020-7020)

* tomcat (CVE-2021-24122, CVE-2021-25329, CVE-2020-9484, CVE-2021-25122,  
CVE-2021-33037, CVE-2021-30640, CVE-2021-41079, CVE-2021-42340,  
CVE-2022-23181)

* junit4 (CVE-2020-15250)

* wildfly-core (CVE-2020-25689, CVE-2021-3644)

* kotlin (CVE-2020-29582)

* karaf (CVE-2021-41766, CVE-2022-22932)

* Spring Framework (CVE-2022-22968)

* metadata-extractor (CVE-2022-24614)

* poi-scratchpad (CVE-2022-26336)

* postgresql-jdbc (CVE-2022-26520)

* tika-core (CVE-2022-30126)

For more details about the security issues, including the impact, CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including  
all applications, configuration files, databases and database settings, and  
so on.

Installation instructions are available from the Fuse 7.11.0 product  
documentation page:  
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/

4. Bugs fixed (https://bugzilla.redhat.com/):

1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE  
1887810 - CVE-2020-15250 junit4: TemporaryFolder is shared between all users across system which could result in information disclosure  
1893070 - CVE-2020-25689 wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller  
1893125 - CVE-2020-7020 elasticsearch: not properly preserving security permissions when executing complex queries may lead to information disclosure  
1917209 - CVE-2021-24122 tomcat: Information disclosure when using NTFS file system  
1930291 - CVE-2020-29582 kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure  
1934032 - CVE-2021-25122 tomcat: Request mix-up with h2c  
1934061 - CVE-2021-25329 tomcat: Incomplete fix for CVE-2020-9484 (RCE via session persistence)  
1966735 - CVE-2021-29505 XStream: remote command execution attack by manipulating the processed input stream  
1973413 - CVE-2021-33813 jdom: XXE allows attackers to cause a DoS via a crafted HTTP request  
1976052 - CVE-2021-3644 wildfly-core: Invalid Sensitivity Classification of Vault Expression  
1977064 - CVE-2021-22119 spring-security: Denial-of-Service (DoS) attack via initiation of Authorization Request  
1977362 - CVE-2021-3629 undertow: potential security issue in flow control over HTTP/2 may lead to DOS  
1981407 - CVE-2021-3642 wildfly-elytron: possible timing attack in ScramServer  
1981533 - CVE-2021-33037 tomcat: HTTP request smuggling when used with a reverse proxy  
1981544 - CVE-2021-30640 tomcat: JNDI realm authentication weakness  
1981895 - CVE-2021-35515 apache-commons-compress: infinite loop when reading a specially crafted 7Z archive  
1981900 - CVE-2021-35516 apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive  
1981903 - CVE-2021-35517 apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive  
1981909 - CVE-2021-36090 apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive  
2004820 - CVE-2021-41079 tomcat: Infinite loop while reading an unexpected TLS packet when using OpenSSL JSSE engine  
2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes  
2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients  
2010378 - CVE-2021-3859 undertow: client side invocation timeout raised when calling over HTTP2  
2011190 - CVE-2021-40690 xml-security: XPath Transform abuse allows for information disclosure  
2014356 - CVE-2021-42340 tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS  
2020583 - CVE-2021-2471 mysql-connector-java: unauthorized access to critical  
2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling  
2033560 - CVE-2021-42550 logback: remote code execution through JNDI call from within its configuration file  
2034388 - CVE-2021-4178 kubernetes-client: Insecure deserialization in unmarshalYaml method  
2034584 - CVE-2021-22096 springframework: malicious input leads to insertion of additional log entries  
2039903 - CVE-2021-22569 protobuf-java: potential DoS in the parsing procedure for binary data  
2044596 - CVE-2022-23221 h2: Loading of custom classes from remote servers through JNDI  
2046279 - CVE-2022-22932 karaf: path traversal flaws  
2046282 - CVE-2021-41766 karaf: insecure java deserialization  
2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors  
2047417 - CVE-2022-23181 tomcat: local privilege escalation vulnerability  
2049778 - CVE-2022-23596 junrar: A carefully crafted RAR archive can trigger an infinite loop while extracting  
2049783 - CVE-2021-43859 xstream: Injecting highly recursive collections or maps can cause a DoS  
2050863 - CVE-2022-21724 jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes  
2055480 - CVE-2021-22060 springframework: Additional Log Injection in Spring Framework (follow-up to CVE-2021-22096)  
2058763 - CVE-2022-24614 metadata-extractor: Out-of-memory when reading a specially crafted JPEG file  
2063292 - CVE-2022-26336 poi-scratchpad: A carefully crafted TNEF file can cause an out of memory exception  
2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS  
2064007 - CVE-2022-26520 postgresql-jdbc: Arbitrary File Write Vulnerability  
2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr  
2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects  
2069414 - CVE-2022-22950 spring-expression: Denial of service via specially crafted SpEL expression  
2072339 - CVE-2022-1259 undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)  
2073890 - CVE-2022-1319 undertow: Double AJP response for 400 from EAP 7 results in CPING failures  
2075441 - CVE-2022-22968 Spring Framework: Data Binding Rules Vulnerability  
2081879 - CVE-2021-22573 google-oauth-client: Token signature not verified  
2087214 - CVE-2022-22976 springframework: BCrypt skips salt rounds for work factor of 31  
2087272 - CVE-2022-22970 springframework: DoS via data binding to multipartFile or servlet part  
2087274 - CVE-2022-22971 springframework: DoS with STOMP over WebSocket  
2087606 - CVE-2022-22978 springframework: Authorization Bypass in RegexRequestMatcher  
2088523 - CVE-2022-30126 tika-core: Regular Expression Denial of Service in standards extractor  
2100654 - CVE-2022-25845 fastjson: autoType shutdown restriction bypass leads to deserialization

5. References:

https://access.redhat.com/security/cve/CVE-2020-7020  
https://access.redhat.com/security/cve/CVE-2020-9484  
https://access.redhat.com/security/cve/CVE-2020-15250  
https://access.redhat.com/security/cve/CVE-2020-25689  
https://access.redhat.com/security/cve/CVE-2020-29582  
https://access.redhat.com/security/cve/CVE-2020-36518  
https://access.redhat.com/security/cve/CVE-2021-2471  
https://access.redhat.com/security/cve/CVE-2021-3629  
https://access.redhat.com/security/cve/CVE-2021-3642  
https://access.redhat.com/security/cve/CVE-2021-3644  
https://access.redhat.com/security/cve/CVE-2021-3807  
https://access.redhat.com/security/cve/CVE-2021-3859  
https://access.redhat.com/security/cve/CVE-2021-4178  
https://access.redhat.com/security/cve/CVE-2021-22060  
https://access.redhat.com/security/cve/CVE-2021-22096  
https://access.redhat.com/security/cve/CVE-2021-22119  
https://access.redhat.com/security/cve/CVE-2021-22569  
https://access.redhat.com/security/cve/CVE-2021-22573  
https://access.redhat.com/security/cve/CVE-2021-24122  
https://access.redhat.com/security/cve/CVE-2021-25122  
https://access.redhat.com/security/cve/CVE-2021-25329  
https://access.redhat.com/security/cve/CVE-2021-29505  
https://access.redhat.com/security/cve/CVE-2021-30640  
https://access.redhat.com/security/cve/CVE-2021-33037  
https://access.redhat.com/security/cve/CVE-2021-33813  
https://access.redhat.com/security/cve/CVE-2021-35515  
https://access.redhat.com/security/cve/CVE-2021-35516  
https://access.redhat.com/security/cve/CVE-2021-35517  
https://access.redhat.com/security/cve/CVE-2021-36090  
https://access.redhat.com/security/cve/CVE-2021-38153  
https://access.redhat.com/security/cve/CVE-2021-40690  
https://access.redhat.com/security/cve/CVE-2021-41079  
https://access.redhat.com/security/cve/CVE-2021-41766  
https://access.redhat.com/security/cve/CVE-2021-42340  
https://access.redhat.com/security/cve/CVE-2021-42550  
https://access.redhat.com/security/cve/CVE-2021-43797  
https://access.redhat.com/security/cve/CVE-2021-43859  
https://access.redhat.com/security/cve/CVE-2022-0084  
https://access.redhat.com/security/cve/CVE-2022-1259  
https://access.redhat.com/security/cve/CVE-2022-1319  
https://access.redhat.com/security/cve/CVE-2022-21363  
https://access.redhat.com/security/cve/CVE-2022-21724  
https://access.redhat.com/security/cve/CVE-2022-22932  
https://access.redhat.com/security/cve/CVE-2022-22950  
https://access.redhat.com/security/cve/CVE-2022-22968  
https://access.redhat.com/security/cve/CVE-2022-22970  
https://access.redhat.com/security/cve/CVE-2022-22971  
https://access.redhat.com/security/cve/CVE-2022-22976  
https://access.redhat.com/security/cve/CVE-2022-22978  
https://access.redhat.com/security/cve/CVE-2022-23181  
https://access.redhat.com/security/cve/CVE-2022-23221  
https://access.redhat.com/security/cve/CVE-2022-23596  
https://access.redhat.com/security/cve/CVE-2022-23913  
https://access.redhat.com/security/cve/CVE-2022-24614  
https://access.redhat.com/security/cve/CVE-2022-25845  
https://access.redhat.com/security/cve/CVE-2022-26336  
https://access.redhat.com/security/cve/CVE-2022-26520  
https://access.redhat.com/security/cve/CVE-2022-30126  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.11.0  
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuFkRNzjgjWX9erEAQg9LQ/9HYM6Ig0vTdDrN6ITdimAnjShWe/4Nyxx  
iZeg/VprKnpSQDRvNKIKUBuiKSggiTY4MZa3dXSJLkS57EyqZiWWTT2ADyN0Z6cm  
+sAQar6GTPg9eyZdMDeuM7plwQQZk8mzSj8aDN2QzHevnmNBlHlVE2MwpZmzVUjo  
O3/UhM4up60Z5Ryyk/4tWRry8wpj7rL9pW3HiVkxdHlDNijaxJ7PerXGItMpVytT  
0IVDwHz3jdJJH3/5uaeippUFu1S+L+75CwIUlvr25YIj3XQ4Sv1vdLvamf8j9P+8  
pVRnRyPl7vh2hXl8p2fby58LBINJKmUOOugeMWo2yoz9B4HQiTUOqXrOTe9nUD+P  
Ntx9YGTX6UhNG562eTAGGrKi0J0rd11FdqVfw12JeXWGqzYRfFW/UdKaRYCUQt24  
9O7FuzAHALe5Bcl7rGtKvbnY2DyLJ4AO3YdbskS502sTFjEfcdPObfQWaYniBBhx  
n8cmjdMB3bdGzpbPt/tlnYFNqdC9MSEn2J8kSlGMWP5Ntj5WYzReTiPAFY42dYpM  
gA4vqWNTn+lRAPm232u4CY9K7cDCz8Qdz22hoS21YulQXV+lDYyeyxCv0SwmG4yO  
rL5Uv5DOSmtH8UHa/vLTHKW7R59uuOLeAumfjRVxj52DJSCUTTGeKjBVTkjkpzq4  
rUyXD0vegnU=m5cz  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5532-01

OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5.

@@ -80,21 +80,28 @@ public function install(array $options = null, &$status=null)

  

$installUrl = $webDomain . "install.php";

  

$cmd = "curl --request POST "

. ($sslEnabled ? "" : "\--insecure " )

. "\--url $installUrl "

. "\--header 'Content-Type: application/x-www-form-urlencoded' "

. "\--data l=en "

. "\--data 'd\[title\]=" . $options\['wiki\_name'\] . "' "

. "\--data 'd\[acl\]=on' "

. "\--data 'd\[superuser\]=" . $options\['superuser'\] . "' "

. "\--data 'd\[fullname\]=" . $options\['real\_name'\] . "' "

. "\--data 'd\[email\]=" . $options\['email'\] . "' "

. "\--data 'd\[password\]=" . $options\['password'\] . "' "

. "\--data 'd\[confirm\]=" . $options\['password'\] . "' "

. "\--data 'd\[policy\]=" . substr($options\['initial\_ACL\_policy'\], 0, 1) . "' "

. "\--data 'd\[license\]=" . explode(":", $options\['content\_license'\])\[0\] . "' "

. "\--data submit=";

$cmd = implode(" ", array(

"curl",

"\--request POST",

($sslEnabled ? "" : "\--insecure "),

"\--url " . escapeshellarg($installUrl),

"\--header 'Content-Type: application/x-www-form-urlencoded'",

'--data-binary ' . escapeshellarg(http\_build\_query(array(

"l" => "en",

"d" => array(

"title" => $options\['wiki\_name'\],

'acl' => 'on',

'superuser' => $options\['superuser'\],

'fullname' => $options\['real\_name'\],

'email' => $options\['email'\],

'password' => $options\['password'\],

'confirm' => $options\['password'\],

'policy' => substr($options\['initial\_ACL\_policy'\], 0, 1),

'license' => explode(":", $options\['content\_license'\])\[0\]

),

'submit' => ''

)))

));

  

exec($cmd, $output, $return\_var);

if($return\_var > 0){

CVE-2022-2550: fix DokuWiki shell issue · hestiacp/hestiacp@3d4c309

IT admins can lock some of the obvious open doors in business applications, but system visibility is key. Build automatic monitoring defenses and adopt a Git-like tool so you can "version" your business apps to restore prior states.

Read some the cybersecurity headlines and you'll notice a trend: They increasingly involve business applications.

For example, the email tool Mailchimp says intruders broke into its customer accounts via an "internal tool." Marketing automation software HubSpot got infiltrated. Corporate password wallet Okta was compromised. Project management tool Jira made an update that accidentally exposed the private information of clients like Google and NASA.

This is one of cybersecurity's newest fronts: your internal tools.

It's only logical that malicious actors would intrude here next, or that employees would accidentally leave doors open. The average organization now has 843 SaaS applications and increasingly relies on them to run its core operations. I was curious about what administrators can do to keep these apps secure, so I interviewed an old colleague, Misha Seltzer, a CTO and co-founder of Atmosec, who is working in this space.

**Why Business Applications Are Particularly Vulnerable**

The users of business applications tend not to think about security and compliance. Partly, because that's not their job, says Misha. They're already plenty busy. And partly, it's because these teams try to purchase their systems outside of IT's purview.

Meanwhile, the apps themselves are designed to be easy to launch and integrate. You can launch many of them without a credit card. And users can often integrate this software with some of their most vital systems of record like the CRM, ERP, support system, and human capital management (HCM) with as little as one click.

This is true of most apps offered within those major vendors' app stores. Misha points out that Salesforce users can "connect" an app from the Salesforce AppExchange _without actually installing it_. That means there's no scrutiny, it can access your customer data, and its activities are logged under the user profile, making it difficult to track.

So, that's the first issue. It's very easy to connect new, potentially insecure apps to your core apps. The second issue is that most of these systems haven't been designed for administrators to observe what goes on within them.

For example:

*   **Salesforce** offers many wonderful DevOps tools, but no native way to track integrated apps, extend API keys, or compare orgs to detect suspicious changes.
*   **NetSuite's** changelog doesn't provide detail on who changed what — only _that_ something changed, making it difficult to audit.
*   **Jira's** changelog is equally sparse, and Jira is often integrated with Zendesk, PagerDuty, and Slack, which contain sensitive data.

This makes it difficult to know what's configured, which applications have access to what data, and who has been in your systems.

**What You Can Do About It**

The best defense is an automatic defense, says Misha, so talk to your cybersecurity team about how they can roll monitoring your business applications into their existing plans. But for complete awareness and coverage, they, too, are going to need deeper insight into what's happening within and between these applications than what these tools natively provide. You'll need to build or buy tools that can help you:

*   **Identify your risks:** You'll need the ability to view everything that's configured in each application, to save snapshots in time, and to compare those snapshots. If a tool can tell you the difference between yesterday's configuration and today's, you can see who has done what — and detect intrusions or the potential for intrusions.
*   **Probe, monitor, and analyze for vulnerabilities:** You need a way to set alerts for changes to your most sensitive configurations. These will need to go beyond traditional SaaS security posture management (SSPM) tools, which tend to monitor only one application at a time, or to only provide routine recommendations. If something connects to Salesforce or Zendesk and alters an important workflow, you need to know.
*   **Develop a response plan:** Adopt a Git-like tool that allows you to "version" your business applications to store prior states which you can then revert to. It won't fix every intrusion, and may cause you to lose metadata, but it's an effective first line of remediation.
*   **Maintain your SaaS security hygiene:** Deputize someone on the team with keeping your orgs up to date, deactivating unnecessary users and integrations, and ensuring that security settings that were turned off are turned back on — e.g., if someone disables encryption or TLS to configure a webhook, check that it was re-enabled.

If you can put all that together, you can start to identify areas that malicious actors could get in — such as through Slack's webhooks, as Misha points out.

**Your Role in Business System Security**

It's not up to administrators alone to secure these systems, but you can play an important role in locking some of the obvious open doors. And the better you're able to see into these systems — a chore which they aren't always natively built to allow — the better you'll know if someone hacked a business application.

The Great BizApp Hack: Cyber-Risks in Your Everyday Business Applications

By Owais Sultan
The advent of the digital age is a source of blessing in a way that makes life easier…
This is a post from HackRead.com Read the original post: Ways Hackers Can Steal Information from Your Device

****The advent of the digital age is a source of blessing in a way that makes life easier yet, it comes with some challenges including malicious hackers and cyber attacks.****

The threats posed by hackers to organizations and individuals have become a major concern as those fraudulent elements keep on increasing and devising new methods of perpetrating their sinister acts.

According to research by a software testing firm, not less than 30,000 websites are hacked daily worldwide and every 39 seconds there is a new cyber-attack launched at someone on the web. 

Let’s dig deeper into how hackers operate and how you can protect yourself from cyber attacks and scams.

Social engineering is a tricky one! Hackers can manipulate you by posing as someone you know and compel you to take action if they want to steal your information. For example, they may send you a link from a hacked social media profile, and create urgency by asking you to take some action.

After you click the link, you will be taken to a page that will require you to sign in to your Google or Apple, or similar account. But the form does not login to your account, it will instead be a fake login page created by crooks to steal your login credentials.

A recent example of a successful social engineering attack includes the Singaporean identity fraud scammer Ho Jun Jia (a/k/a Matthew Ho, a/k/a, Prefinity a/k/a Ethereum Vendor) who is now in prison for scamming in the name of the co-founder and co-chairman of Riot Games Mr. Marc Merrill.

Ho also used social engineering skills to trick Google and Amazon Web Services (AWS) into providing $5.4 million worth of cloud computing services by using personal details of Merrill.

**Keylogger**

Keylogger is designed to secretly spy on victims and can capture everything you type on your keyboard and every command you execute. It captures your passwords, credit card numbers, keystrokes, and browsing history.

It is worth noting that a keylogger can be software or a hardware device such as a malicious USB.

Software Keyloggers sneak into your computer system via harmful links or attachments. A hardware-based keylogger can be installed on your device if attackers have physical access to your computer.

**Public Wi-Fi Eavesdropping**

Wi-Fi eavesdropping can be defined as the act whereby your vital data is stolen by a hacker after exploiting an unsecured public Wi-Fi network. Because some public Wi-Fi allow unsecured transmission of data, your vital information, and files that are unencrypted are at the risk of hackers.

One of the gimmicks used by hackers is that they would name their hotspot after the name of the business premises or shopping mall etc. The Wi-Fi will probably be free and without a password so you are tempted to go for freebies. 

Once you connect to the hacker’s Wi-Fi, the hacker can see everything you do and steal your personal information including passwords. You can avoid this by not using public Wi-Fi, using your own hotspot device plus enabling your VPN at all times.

**SIM Swap Fraud**

A SIM swap attack is when a cybercriminal(s) calls your network provider and impersonates you. They claim that your SIM card is lost and they want to port your number to a new hacker-controlled SIM card.

Of course, your network provider will ask some questions to identify the person requesting the swap. These questions can be easily answered based on the Infomation you have provided about yourself on your social media accounts. (Don’t share your personal information on social media).

In this age of two-factor authentication (2FA) and USSD banking, your SIM card is coveted by hackers. This is because when they get your SIM card, they can bypass 2FA and intercept OTP (one-time password) as the verification code is sent to your swapped phone number.

Equity and forex trading brokerages also offer online trading apps that use 2FA to verify and authenticate users. When your SIM has been swapped, this verification code goes straight to the hacker who now controls your phone number.

Once the attacker has the verification code, they can link a new account to your investment, crypto wallet, or trading app and wire funds out. They can also use the funds in your account to buy worthless shares from other scammers thus enriching them and impoverishing you.

**Browser Hijacking**

An attacker can install malware right into your internet browser without you even knowing. This can happen when you click on an unknown link or download an app from a 3rd-party store. Most of the apps available in such stores are Trojans meaning they are not what they claim to be. By installing them, you could install a virus into your browser as well.

The virus in your browser then begins to redirect you to hacker-controlled sites that resemble legitimate sites. From there, your passwords are collected and used to access your accounts. 

**IP Spoofing**

This is the act whereby a hacker hijacks your browsing connection through the usage of a fake Internet Protocol (IP) address. A publication by Dell Technologies shows that there are over 30,000 spoofing attacks every day around the world.

IP spoofing scams mostly occur at a location where internal systems trust one another in a way that users can have access without any username or password, provided they are connected with the network.

It involves the act of masquerading as a fake computer IP address in a way that would look like a legitimate one. In the course of IP spoofing, attackers convey a message to a computer system with a fake IP address which shows that the message is coming from a different IP address. 

**Domain Name System (DNS) Spoofing/ Poisoning**

The term ‘spoofing’ has to do with impersonation. In this case, a hacker’s computer is impersonating a legitimate computer on a network. A domain name is simply a website name like ‘www.google.com’

DNS spoofing, let’s assume you want to visit Twitter and you type the domain name ‘www.twitter.com’ into your browser’s URL bar. This domain name is sent to a DNS server which converts the domain name of Twitter into an IP address example 172.28.213.15 which is supposed to be the IP address of Twitter’s official computer server.

The hacker spoofs it by deceiving the DNS server to convert Twitter’s domain name into a **different** hacker-controlled IP address which takes you to the hacker’s server instead of Twitter’s server.

The attackers could have designed a fake Twitter page and hosted it on his spoofed server. Once you attempt to log in, they can steal your password and use it to access your account. 

The result of DNS poisoning is that any information you send is routed through the hacker before it gets to the web. This allows them to steal your passwords and access your accounts. 

**Domain Spoofing**

This online fraud, also known as a homograph attack occurs when a hacker makes use of a domain name that greatly resembles the website you are trying to visit.  Perpetrating this act, the hacker replaces the characters in the fake domain name with other non-ASCII characters that look much alike in appearance.

It will be designed in such a way that you may not notice the difference, as you would be assured about the secure connection of the browser. To begin the process of HTTP spoofing, the cyber attacker’s first step is to register a domain name that resembles yours.

The scammer would then proceed to send a link to you, and you may likely not notice that you are visiting a fake version of the site you planned to go to because the majority of browsers display puny code host names in their address bar. One such example is:

It’s Google.com not ɢoogle.com

This scamming system is designed to even prove to you that the website’s SSL certificate is real, thereby preventing you from detecting the fraud.

**Session Hijacking**

When you visit a website, you might notice a popup prompting you to allow cookies. Cookies refer to your personal information stored temporarily in your computer’s cache memory and are deleted after you leave the site. _(Here’s how to disable Cookies notice for good)_.

Cookies contain a unique ‘session ID’ number which if gotten by a hacker, will enable them to take over your session. An attacker can steal your cookies using different means such as phishing scams where they send you an email containing a malicious link. When you click on the link, it will install malware for session hijacking.

The point here is, that once an attacker steals your cookie or gets your session ID, they can take over your browsing session and if you were visiting a bank website, they can steal your funds. You may notice the page freeze, or some technical difficulty while this is going on and when it’s over, your money is gone. 

**Don’t Be Caught Off Guard**

*   Never download files from suspicious emails, messages, or contacts. Also, never click a link shared by an unknown source, or enter your account details and password on websites that you don’t trust.
*   Ensure that your two-factor authentication is enabled. Or you can also use token-based logins.
*   Don’t send PINs, passwords, and your financial details via text or email.
*   To guard against IP Spoofing, ensure you use a Virtual Private Network (VPN). Or use anti-malware software with web protection, that blocks unknown websites.

Tag

#ssl