Security Advisories

  • 2023-020: Remote Code Execution vulnerability in Windows HTTP protocol stack

    Wednesday, March 15, 2023 11:30:00 AM CET

    On March 14, 2023, Microsoft released a security fix for a vulnerability (CVE-2023-23392) in the HTTP/3 protocol stack of Microsoft Windows Server 2022 and Windows 11 systems. This vulnerability allows a remote attacker to execute arbitrary code. Microsoft considers this vulnerability likely to be exploited soon.

  • 2023-019: Several Critical Vulnerabilities in SAP Products

    Wednesday, March 15, 2023 11:30:00 AM CET

    On March 14, 2023, SAP released 19 patches for various products which contain five critical severity fixes for SAP Business Objects Business Intelligence Platform (CMC) and SAP NetWeaver:

    - Improper Access Control in SAP NetWeaver AS for Java (CVE-2023-23857)
    - Code Injection vulnerability in SAP Business Objects Business Intelligence Platform (CMC) (CVE-2023-25616)
    - OS command execution vulnerability in SAP Business Objects Business Intelligence Platform (Adaptive Job Server) (CVE-2023-25617)
    - Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform (CVE-2023-27269)
    - Directory Traversal vulnerability in SAP ERP and S4HANA (SAPRSBRO Program) (CVE-2023-27500)

    Due to their high global market share, SAP products are a valuable target for threat actors and criminals. Therefore, CERT-EU recommends applying the issued patches as soon as possible.

  • 2023-018: Microsoft Outlook Elevation of Privilege Vulnerability

    Wednesday, March 15, 2023 11:30:00 AM CET

    On March 14, 2023, Microsoft released a security fix for an elevation of privilege vulnerability (CVE-2023-23397) in Microsoft Outlook. A specially crafted e-mail can trigger the vulnerability automatically when it is retrieved and processed by the Outlook client. Such an e-mail could lead to exploitation before the e-mail is viewed in the Preview Pane and allows an attacker to steal credential hashes by forcing the targets' devices to authenticate to an attacker-controlled server. The Computer Emergency Response Team for Ukraine (CERT-UA) reported the vulnerability to Microsoft. Based on Microsoft Threat Intelligence, a Russia-based threat actor used it in attacks to target and breach the networks of several government, military, energy, and transportation organisations in Europe between April and December 2022. They used the stolen hashes for lateral movement within the victims' networks and to change Outlook mailbox folder permissions for e-mail exfiltration. Online services such as Microsoft 365 do not support NTLM authentication and are not vulnerable to being attacked by these messages.

  • 2023-017: Severe Vulnerabilities in Jenkins Products

    Thursday, March 09, 2023 05:40:00 PM CET

    On March 8, 2023, Jenkins released advisories regarding 2 severe security vulnerabilities in Jenkins server and Update Center. These vulnerabilities are identified by CVE-2023-27898 and CVE-2023-27905 and could allow an unauthenticated attacker to execute arbitrary code on the victim's Jenkins server, potentially leading to a complete compromise of the Jenkins server. Furthermore, these vulnerabilities could be exploited even if the Jenkins server is not directly reachable by attackers and could also impact self-hosted Jenkins servers.

  • 2023-016: High Vulnerability in Veeam Backup & Replication

    Thursday, March 09, 2023 05:30:00 PM CET

    On March 8, 2023, Veeam released a new security advisory revealing one high-severity vulnerability in a Veeam Backup & Replication component. This vulnerability is identified by CVE-2023-27532 (CVSS score of 7.5) and it may allow an attacker to obtain encrypted credentials stored in the configuration database. This may lead to gaining access to the backup infrastructure hosts. It is highly recommended to install the latest version.

  • 2023-015: RCE Vulnerability in Fortinet Products

    Wednesday, March 08, 2023 11:15:00 PM CET

    On March 7, 2023, Fortinet released an advisory regarding one critical vulnerability in the FortiOS and FortiProxy administrative interface. This vulnerability is identified as CVE-2023-25610 (CVSS score of 9.3) and it may allow remote unauthenticated attackers to execute arbitrary code on the device and/or to perform a DoS on the GUI. Fortinet is not aware of any instance where this vulnerability was exploited in the wild.

  • 2023-014: Critical Vulnerabilities in VMware Products

    Tuesday, February 23, 2023 10:30:00 PM CET

    On February 20, 2023, the MISP project team released advisories regarding 2 critical SQL injection vulnerabilities in MISP Threat Intelligence and Sharing Platform. The team decided to follow a silent fix procedure, releasing several updates in November and December 2022, giving enough time to users to update their instances to a safe version.

  • 2023-013: Critical SQL injection vulnerabilities in MISP

    Tuesday, February 21, 2023 11:15:00 AM CET

    On February 20, 2023, the MISP project team released advisories regarding 2 critical SQL injection vulnerabilities in the MISP Threat Intelligence and Sharing Platform. The team decided to follow a silent fix procedure, releasing several updates in November and December 2022, giving users enough time to update their instances to a safe version.

  • 2023-012: RCE vulnerabilities in Fortinet products

    Monday, February 20, 2023 03:40:00 PM CET

    On February 16, 2023, Fortinet released advisories regarding critical vulnerabilities in FortiNAC and FortiWeb products that may allow unauthenticated attackers to perform remote arbitrary code or command execution.

    The first vulnerability is identified as CVE-2022-39952 (CVSS score of 9.8) and is related to the FortiNAC product. FortiNAC is Fortinet’s network access control solution that enhances the Security Fabric. It also provides protection against IoT threats, extends control to third-party devices, and orchestrates automatic responses to a wide range of networking events.
    The second vulnerability is identified as CVE-2021-42756 (CVSS score of 9.8) and is related to FortiWeb products. FortiWeb is a web application firewall (WAF) that protects web applications and APIs from attacks that target known and unknown exploits and helps maintain compliance with regulations.

  • 2023-011: ClamAV critical vulnerability

    Monday, February 20, 2023 03:40:00 PM CET

    On February 15th, 2023, ClamAV disclosed a critical vulnerability in the cross-platform antimalware toolkit. The vulnerability is identified as CVE-2023-20032 and could lead to remote code execution.

  • 2023-010: Severe Vulnerabilities in Citrix Workspace, Virtual Apps and Desktops

    Thursday, February 16, 2023 11:00:00 AM CET

    On February 14, 2023, Citrix released Security Bulletins regarding severe vulnerabilities affecting its Citrix Workspace, Virtual Apps and Desktops. If exploited, these vulnerabilities could enable attackers to elevate their privileges and take control of the affected system, but they need local access to the target.
    It is therefore highly recommended to install the latest security updates.

  • 2023-009: Multiple Critical Vulnerabilities in Microsoft Products

    Thursday, February 16, 2023 11:00:00 AM CET

    On February 14, Microsoft released its February 2023 Patch Tuesday advisory disclosing 79 vulnerabilities (with 9 critical ones), including 3 exploited zero-day vulnerabilities identified as "CVE-2023-21823", "CVE-2023-21715" and "CVE-2023-23376", which respectively affect the Windows Graphics Component, Microsoft Publisher and the Windows Common Log File System Driver.
    Microsoft also patched three additional remote code execution flaws in Exchange Server (CVE-2023-21706, CVE-2023-21707, and CVE-2023-21529) that are likely to be exploited, although authentication is required.
    It is highly recommended to patch affected devices.

  • 2023-008: Vulnerability in OpenSSH

    Wednesday, February 08, 2023 06:20:00 PM CET

    The development team of the OpenSSH suite has released version 9.2 to address several security vulnerabilities, including a memory safety bug in the OpenSSH server (sshd) tracked as CVE-2023-25136. This vulnerability can be exploited by a remote attacker to execute arbitrary code on the target system.

  • 2023-007: High Severity Vulnerability in OpenSSL

    Wednesday, February 08, 2023 06:20:00 PM CET

    On February 7, the OpenSSL project team released a major security update to address 8 vulnerabilities. One vulnerability, tracked as CVE-2023-0286 and rated as High, may allow a remote attacker to read arbitrary memory contents or cause OpenSSL to crash, resulting in a denial of service.

  • 2023-006: Critical Security Flaw in Jira Service Management Server and Data Center

    Friday, February 03, 2023 07:20:00 PM CET

    A critical security flaw has been discovered in Jira Service Management Server and Data Center that can be exploited by an attacker to impersonate another user and gain unauthorized access to instances. The vulnerability is tracked as CVE-2023-22501 with a CVSS score of 9.4.

  • 2023-005: Critical Code Injection Vulnerability in QNAP Devices

    Tuesday, January 31, 2023 05:55:00 PM CET

    On January 30th, 2023, QNAP published an advisory related to a critical vulnerability, identified as CVE-2022-27596, allowing remote attackers to inject malicious code on QNAP NAS devices.

  • 2023-004: Critical Vulnerability in Several ManageEngine Products

    Monday, January 30, 2023 10:15:00 AM CET

    On January 18th, ManageEngine released updates to several ManageEngine OnPremise products. The potentially vulnerable products use outdated versions of the open-source library Apache Santuario (XML Security for Java). Products must have enabled Single-Sign-On (SSO) using the Security Assertion Markup Language (SAML) to be vulnerable. For some products, the SSO must be active, while for others, it is sufficient that SSO was active once. As a result, the vulnerability allows an unauthenticated adversary to execute arbitrary code. Additionally, a Proof-of-Concept exploit is available.

  • 2023-003: Critical Vulnerability in VMware vRealize Log Insight

    Thursday, January 26, 2023 11:55:00 AM CET

    On January 24, 2022, VMware released a new security advisory revealing multiple vulnerabilities in VMware vRealize Log Insight. There are two critical vulnerabilities, including a directory traversal vulnerability (CVE-2022-31706) and a broken access control vulnerability (CVE-2022-31704). Both have a CVSS score of 9.8 out of 10.
    It is highly recommended to apply the latest version.

  • 2023-002: Multiple critical Vulnerabilities in Git

    Thursday, January 19, 2023 10:50:00 PM CET

    During a code audit, X41 discovered several vulnerabilities in the version control system git. On January 17, the git project resolved the two most critical security vulnerabilities (CVE-2022-23521 and CVE-2022-41903) that could allow the remote execution of arbitrary code. GitHub and GitLab have also issued updates for their products, including the latest version of git. A third vulnerability (CVE-2022-41953) affects the Windows version of the Git GUI software and could also lead to the execution of arbitrary code. CERT-EU highly recommends upgrading to the latest version of git. In addition, if you are running on-premise GitHub or GitLab servers, we recommend updating them.

  • 2023-001: Zero-day and Critical Vulnerabilities in Microsoft Windows

    Wednesday, January 11, 2023 05:50:00 PM CET

    On January 10, 2023, on their first Patch Tuesday of 2023, Microsoft fixed an actively exploited zero-day Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability and a total of 98 flaws. Eleven of them were classified as critical by Microsoft as they allow remote code execution, bypass security features, or elevate privileges. It is highly recommended to apply the fixes as soon as possible.
