Patch now: VMware, Atlassian expose critical flaws. Stay secure

January 17, 2024

TLDR:

VMware and Atlassian have disclosed critical vulnerabilities that could lead to remote code execution and unauthorized access, respectively. Administrators are urged to patch these vulnerabilities immediately to prevent potential exploitation. Atlassian has released fixes for a template injection flaw and a high-severity flaw in its Confluence and Jira Software products. VMware has identified a missing access control problem in its Aria Automation product and recommends upgrading to version 8.16 and applying the patch.

Admins who use VMware or Atlassian products are being urged to patch their systems immediately following the disclosure of critical vulnerabilities in both platforms. The vulnerabilities, if left unpatched, could lead to remote code execution and unauthorized access, respectively.

Atlassian has addressed two issues in its products. The more serious is a template injection flaw, known as CVE-2023-22527, in its Confluence Data Center and Server 8 versions released before December 5, 2023. This flaw could allow unauthenticated remote code execution attacks. Atlassian advises users to update to the latest available version to patch this vulnerability.

Atlassian has also released fixes for a high-severity flaw, tracked as CVE-2020-25649, that affects versions 8.20.0, 9.4.0, 9.5.0, and 9.6.0 of Jira Software Data Center and Server. This flaw could allow XML external entity attacks, compromising data integrity. Atlassian advises users to update to the latest version of Jira Software Data Center and Server to patch this vulnerability.

Meanwhile, VMware has identified a missing access control problem in all versions of its Aria Automation product prior to version 8.16. This flaw, known as CVE-2023-34063, could allow unauthorized access to remote organizations and workflows. VMware recommends upgrading to version 8.16 and applying the patch to address this vulnerability.

Neither VMware nor Atlassian has reported any instances of exploitation of these vulnerabilities as of now. However, it is important for users to patch their systems promptly to avoid potential attacks.
