Cisco fixes maximum severity MSO auth bypass vulnerability

Posted by & filed under Security Alerts.

Cisco has addressed a maximum severity authentication bypass vulnerability found in the API endpoint of the Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine. Cisco ACI MSO is an intersite network and policy orchestration solution that helps admins monitor the health of their organizations’ interconnected sites across multiple data centers.

VMware fixes zero-day vulnerability reported by the NSA

VMware has released security updates to address a zero-day vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. The vulnerability is a command injection bug tracked as CVE-2020-4006 and publicly disclosed two weeks ago. While it did not issue any security updates at the time it disclosed the zero-day, VMware provided a workaround to help…

VMware discloses critical zero-day vulnerability in Workspace One

VMware has released a workaround to address a critical zero-day in multiple VMware Workspace One components that allows attackers to execute commands on the host Linux and Windows operating systems using escalated privileges. Zero-days are publicly disclosed vulnerabilities not yet patched by the vendor. In some cases, zero-days are also actively exploited in the wild…

Oracle issues emergency patch for critical WebLogic Server flaw

Oracle issued an out-of-band security update over the weekend to address a critical remote code execution (RCE) vulnerability impacting multiple Oracle WebLogic Server versions. The security vulnerability tracked as CVE-2020-14750 received a 9.8 severity base score from Oracle, out of a maximum rating of 10. Oracle credits 20 organizations and people in the security advisory for having provided information…