Patch now: VMware, Atlassian expose critical flaws

January 17, 2024

TLDR:

VMware and Atlassian have disclosed critical vulnerabilities that could lead to unauthorized access and remote code execution, respectively. Administrators are urged to patch these vulnerabilities immediately to prevent potential exploitation. Atlassian has released fixes for a template injection flaw and a high-severity flaw in its Confluence and Jira Software products. VMware has identified a missing access control problem in its Aria Automation product and recommends upgrading to version 8.16 and applying the patch.

Admins who use VMware or Atlassian products are being urged to patch their systems immediately following the disclosure of critical vulnerabilities in both platforms. If left unpatched, the vulnerabilities could lead to unauthorized access and remote code execution, respectively.

Atlassian has addressed two issues in its products. The most serious is a template injection flaw, known as CVE-2023-22527, in its Confluence Data Center and Server 8 versions released before December 5, 2023. This flaw could allow unauthenticated remote code execution attacks. Atlassian advises users to update to the latest available version to patch this vulnerability.

Atlassian has also released fixes for a high-severity flaw, tracked as CVE-2020-25649, that affects versions 8.20.0, 9.4.0, 9.5.0, and 9.6.0 of Jira Software Data Center and Server. This flaw could allow XML external entity attacks, compromising data integrity. Atlassian advises users to update to the latest version of Jira Software Data Center and Server to patch this vulnerability.

Meanwhile, VMware has identified a missing access control problem in all versions of its Aria Automation product prior to version 8.16. This flaw, known as CVE-2023-34063, could allow unauthorized access to remote organizations and workflows. VMware recommends upgrading to version 8.16 and applying the patch to address this vulnerability.

Neither VMware nor Atlassian has reported any instances of exploitation of these vulnerabilities as of now. However, it is important for users to patch their systems promptly to avoid potential attacks.
