Cisco has addressed a maximum severity authentication bypass vulnerability found in the API endpoint of the Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine. Cisco ACI MSO is an intersite network and policy orchestration solution that helps admins monitor the health of their organizations’ interconnected sites across multiple data centers.
Sophos has deployed a hotfix for their line of Cyberoam firewalls and routers to fix a SQL injection vulnerability. Sophos purchased firewall and router maker Cyberoam Technologies in 2014 and has been offering free upgrades to their XG Firewall OS since 2019. Today, Sophos disclosed that a SQL injection vulnerability was fixed in the Cyberoam (CROS)… Read more »
VMware has released security updates to address a zero-day vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. The vulnerability is a command injection bug tracked as CVE-2020-4006 and publicly disclosed two weeks ago. While it did not issue any security updates at the time it disclosed the zero-day, VMware provided a workaround to help… Read more »
VMware has released a workaround to address a critical zero-day in multiple VMware Workspace One components that allows attackers to execute commands on the host Linux and Windows operating systems using escalated privileges. Zero-days are publicly disclosed vulnerabilities not yet patched by the vendor. In some cases, zero-days are also actively exploited in the wild… Read more »
Oracle issued an out-of-band security update over the weekend to address a critical remote code execution (RCE) vulnerability impacting multiple Oracle WebLogic Server versions. The security vulnerability tracked as CVE-2020-14750 received a 9.8 severity base score from Oracle, out of a maximum rating of 10. Oracle credits 20 organizations and people in the security advisory for having provided information… Read more »
