Here are the CVE updates for the week of January 6th through the 12th.
CRITICAL SEVERITY VULNERABILITIES
Oracle WebLogic Server Unspecified Vulnerability | CVE-2020-2883
Description: Identifies a critical remote code execution vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware. The flaw exists in supported versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, and 12.2.1.4.0 and is reachable without authentication by anyone who can open an IIOP or T3 connection to the server. Successful exploitation gives the attacker full control of the WebLogic Server. Oracle fixed the issue in its April 2020 Critical Patch Update; it appears in this week's list because CISA added it to the Known Exploited Vulnerabilities catalog, so any instance still running an unpatched base release should be treated as a live target rather than a legacy finding.
Potential Impacts:
- Server Takeover: Attackers could gain full control over the Oracle WebLogic Server.
- Data Breach: Compromised servers could expose sensitive data.
- Service Disruption: Exploitation may lead to the unavailability or instability of the WebLogic Server.
- Lateral Movement: Attackers could use the compromised server to infiltrate other systems within the network.
Mitigation Recommendations:
- Update Immediately: Apply the latest Oracle Critical Patch Update (CPU) for the affected versions.
- Restrict Network Access: Expose the T3, T3S and IIOP listeners only to hosts that need them. T3 is also what the administration console, WLST and cluster members use, so instead of disabling it outright, configure a WebLogic connection filter (weblogic.security.net.ConnectionFilterImpl) that allows t3/t3s/iiop only from administrative and cluster addresses and denies those protocols from everywhere else.
- Use Firewalls: Configure firewalls to block untrusted traffic to and from the server.
- Monitor Activity: Implement monitoring tools to detect unauthorized access and anomalous activity.
- Secure Configurations: Enforce best practices, such as minimizing permissions and securing configurations, to reduce the attack surface.
Mitel MiCollab NuPoint Unified Messaging Path Traversal Vulnerability | CVE-2024-41713
Description: Identifies a path traversal vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through version 9.8 SP1 FP2 (9.8.1.201). The flaw stems from insufficient input validation and is reachable without credentials. A successful exploit allows unauthorized access to system files and data, with the potential for viewing, corrupting, or deleting user data and system configurations.
Potential Impacts:
- Unauthorized Access: Attackers could access sensitive files and directories outside their intended scope.
- Data Integrity Risks: Exploitation may lead to corruption or deletion of user data or critical system files.
- Service Disruption: Manipulation of system configurations could disrupt the proper functioning of the messaging component.
Mitigation Recommendations:
- Patch and Update: Upgrade to a release that resolves this vulnerability. Mitel's advisory for this issue names MiCollab 9.8 SP2 as the fixed release, but the separate CVE-2024-56227 listed below affects releases through 9.8 SP2, so move to the latest available release rather than stopping at SP2.
- Input Validation (vendor-side fix): Canonicalize user-supplied path components before they are used to build a filesystem path and reject traversal sequences such as .., encoded variants, and absolute paths outright, rather than attempting to strip them.
- Restrict File Access: Implement file system permissions to limit access to critical directories and files.
- Monitor System Activity: Use security monitoring tools to detect and prevent unauthorized access attempts.
- Network Segmentation: Limit access to the vulnerable component by isolating it from public-facing networks.
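The "validate, don't sanitize" rule above is easy to state and easy to get subtly wrong, so here is an added example (not Mitel's code, and not a description of the MiCollab code path) showing the two layers a file-serving handler needs: an allow-list on each path segment, which rejects `..`, `.`, `..;` and encoded forms after repeated percent-decoding, and a realpath containment check underneath it as defence in depth against symlinks. The root directory `/srv/nupoint/data` and the function names are hypothetical.

```python
import os
import re
import urllib.parse

# Each path segment must start with an alphanumeric and contain only safe characters.
# Because a leading dot is not allowed, "." and ".." (and "..;" tricks) never pass.
SEGMENT_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")

# Hypothetical root that user-requested files must stay under.
DATA_ROOT = "/srv/nupoint/data"


class TraversalError(ValueError):
    pass


def resolve_under_root(root: str, requested: str) -> str:
    """Map a user-supplied relative path to an absolute path guaranteed to sit under root."""
    decoded = requested
    # Decode repeatedly so double-encoded "%252e%252e" cannot survive a single pass.
    for _ in range(3):
        nxt = urllib.parse.unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    decoded = decoded.replace("\\", "/")          # treat backslashes as separators too
    if decoded.startswith("/"):
        raise TraversalError("absolute path not allowed")
    segments = [s for s in decoded.split("/") if s]
    if not segments:
        raise TraversalError("empty path")
    for seg in segments:
        if not SEGMENT_RE.match(seg):              # allow-list, not a deny-list
            raise TraversalError(f"illegal path segment {seg!r}")

    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, *segments))
    # Defence in depth: even after the allow-list, confirm the resolved location
    # (symlinks followed) is still inside root.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise TraversalError("resolved outside root")
    return candidate


def is_safe_path(requested: str, root: str = DATA_ROOT) -> bool:
    """True if the request resolves under root, False if it is rejected for any reason."""
    try:
        resolve_under_root(root, requested)
        return True
    except TraversalError:
        return False
```

The allow-list does most of the work; the realpath check exists for the case where a legitimate-looking name turns out to be a symlink pointing elsewhere, which no amount of string inspection can catch.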
Ivanti Stack-Based Buffer Overflow Remote Code Execution Vulnerability | CVE-2025-0282
Description: Identifies a stack-based buffer overflow caused by improper handling of user-supplied input. A remote, unauthenticated attacker who can reach the appliance can trigger the overflow and achieve remote code execution (RCE). The following products are affected:
- Ivanti Connect Secure: Affected versions are those before 22.7R2.5.
- Ivanti Policy Secure: Affected versions are those before 22.7R1.2.
- Ivanti Neurons for ZTA gateways: Affected versions are those before 22.7R2.3.
Potential Impacts:
- Remote Code Execution: Attackers could execute arbitrary code in the context of the vulnerable process, potentially gaining control of the system.
- Data Breach: Exploitation may lead to unauthorized access to sensitive data.
- System Compromise: A successful exploit could allow attackers to pivot within the network, further compromising other systems.
Mitigation Recommendations:
- Patch and Update: Ivanti's advisory pairs the upgrade with its Integrity Checker Tool (ICT). Run the ICT before upgrading; an appliance that shows signs of compromise should be factory-reset and rebuilt on the fixed build rather than upgraded in place, since an upgrade does not evict an attacker who is already present.
- Upgrade Ivanti Connect Secure to version 22.7R2.5 or later.
- Upgrade Ivanti Policy Secure to version 22.7R1.2 or later.
- Upgrade Ivanti Neurons for ZTA gateways to version 22.7R2.3 or later.
- Network Segmentation: Restrict access to Ivanti systems to trusted networks and authenticated users only.
- Implement Intrusion Prevention Systems (IPS): Use IPS to detect and block exploitation attempts targeting this vulnerability.
- Input Validation: The missing bounds check is a vendor-side fix delivered only in the releases above; there is no configuration change on the appliance that substitutes for it, which is why upgrading is the only complete remedy.
- Monitor and Log Activity: Employ logging and monitoring tools to detect unusual patterns or exploit attempts targeting vulnerable Ivanti systems.
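Deciding from an inventory which appliances fall "before" a fixed release is error-prone because Ivanti version strings such as 22.7R2.5 do not sort as plain text (a naive string compare puts 22.7R2.10 before 22.7R2.5). The following Python is an added example, not Ivanti tooling: it parses the major.minorR<release>.<patch> form into a tuple and compares against the fixed releases named in this entry. The affected range is read exactly as the advisory text states it, "before" the fixed version; the product names are used as dictionary keys and the inventory rows are constructed.

```python
import re
from typing import Iterable, List, Tuple

# Fixed releases named in the advisory above; anything that parses lower is affected.
FIXED_IN = {
    "Ivanti Connect Secure": "22.7R2.5",
    "Ivanti Policy Secure": "22.7R1.2",
    "Ivanti Neurons for ZTA gateways": "22.7R2.3",
}

# 22.7R2.5 -> major 22, minor 7, release 2, patch 5 (patch may be absent, e.g. 22.7R2)
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Turn an Ivanti version string into a comparable tuple; raise on anything unrecognised."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Ivanti version {text!r}")
    major, minor, release, patch = m.groups()
    return (int(major), int(minor), int(release), int(patch or 0))


def is_affected(product: str, version: str) -> bool:
    """True when the installed version is numerically before the fixed release for that product."""
    return parse_version(version) < parse_version(FIXED_IN[product])


def triage(inventory: Iterable[Tuple[str, str, str]]) -> List[Tuple[str, str, str, bool]]:
    """inventory rows are (hostname, product, version); returns the rows with an 'affected' flag."""
    return [(host, product, version, is_affected(product, version))
            for host, product, version in inventory]


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [
        ("vpn-01.example.internal", "Ivanti Connect Secure", "22.7R2.4"),
        ("vpn-02.example.internal", "Ivanti Connect Secure", "22.7R2.10"),
        ("nac-01.example.internal", "Ivanti Policy Secure", "22.7R1.1"),
        ("zta-01.example.internal", "Ivanti Neurons for ZTA gateways", "22.7R2.3"),
    ]
    for host, product, version, affected in triage(sample):
        print(f"{host:28} {product:32} {version:10} {'AFFECTED' if affected else 'ok'}")
```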
WeGIA File Upload Vulnerability | CVE-2025-22133
Description: Highlights a critical vulnerability in WeGIA, a web management system for charities, affecting versions prior to 3.2.8 (the release that fixes it). The issue resides in the /WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint, which does not sufficiently validate uploaded files. The endpoint is meant to accept spreadsheets, but it also accepts files such as .phar that the server will execute, enabling unauthorized actions and posing a significant security risk.
Potential Impacts:
- Remote Code Execution (RCE): Malicious file execution could allow attackers to compromise the server.
- Unauthorized Access: Attackers may gain control over sensitive application features or data.
- Data Breach: Exploitation could lead to exposure or theft of confidential information.
- Service Disruption: Malicious activities could degrade or disrupt the application’s availability.
Mitigation Recommendations:
- Update WeGIA: Upgrade to version 3.2.8 or later.
- Restrict File Types: Allow only safe and required file types to be uploaded.
- Block File Execution: Store uploads outside the document root, or in a directory for which the PHP handler is disabled, and serve them under a server-chosen name, so that an uploaded .phar or .php cannot be executed even when validation is bypassed.
- Validate Inputs: Enforce strong input validation and sanitization on uploaded files.
- Monitor System Activity: Use logs and alerts to detect unauthorized uploads or execution attempts.
- Apply Access Controls: Limit access to file upload endpoints to trusted users only.
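The mitigations above (restrict file types, validate content, block execution) are three separate checks, and an upload handler that does only the first is what this CVE describes. The following Python is an added example, not WeGIA's code and written in Python rather than PHP to match the other examples on this page: it accepts only a .xlsx extension, refuses double extensions, verifies the ZIP container and the OOXML parts a workbook must contain, refuses archives that carry a PHP phar stub (zip-based phar files store it under .phar/), and writes the file under a random server-chosen name. The helper functions, the size limit and the sample files built in the block are constructed for the example.

```python
import io
import os
import secrets
import zipfile

ALLOWED_EXTENSIONS = {".xlsx"}
XLSX_REQUIRED_MEMBERS = {"[Content_Types].xml", "xl/workbook.xml"}
MAX_BYTES = 10 * 1024 * 1024          # hypothetical limit for the example


class UploadRejected(ValueError):
    pass


def validate_xlsx_upload(filename: str, data: bytes) -> None:
    """Raise UploadRejected unless (name, bytes) look like a genuine .xlsx workbook."""
    base = os.path.basename(filename.replace("\\", "/"))
    name, ext = os.path.splitext(base)
    if ext.lower() not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension {ext!r} not allowed")
    if not name or "." in name:
        # Rejects double extensions such as shell.phar.xlsx and shell.php.xlsx.
        raise UploadRejected("multiple extensions not allowed")
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    if not data.startswith(b"PK\x03\x04"):
        raise UploadRejected("not a ZIP container")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = set(zf.namelist())
    except zipfile.BadZipFile as exc:
        raise UploadRejected(f"corrupt archive: {exc}") from exc
    if not XLSX_REQUIRED_MEMBERS <= members:
        raise UploadRejected("archive lacks the OOXML parts a workbook must have")
    if any(m.startswith(".phar/") for m in members):
        # A zip-based PHP phar keeps its stub at .phar/stub.php and would otherwise
        # pass the checks above while still being loadable through phar://.
        raise UploadRejected("archive carries a phar stub")


def store_upload(upload_dir: str, data: bytes) -> str:
    """Persist validated bytes under a random name; the client's filename never reaches disk."""
    path = os.path.join(upload_dir, secrets.token_hex(16) + ".xlsx")
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def is_acceptable(filename: str, data: bytes) -> bool:
    try:
        validate_xlsx_upload(filename, data)
        return True
    except UploadRejected:
        return False


def make_minimal_xlsx(extra_members=None) -> bytes:
    """Constructed sample: the smallest ZIP carrying the parts the validator demands."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        for member, content in (extra_members or {}).items():
            zf.writestr(member, content)
    return buf.getvalue()


def make_phar_like() -> bytes:
    """Constructed sample standing in for an uploaded .phar (a PHP stub, not a ZIP)."""
    return b"<?php __HALT_COMPILER(); ?>" + b"\x00" * 16
```

Keep the order of defences in mind: the content checks raise the bar, but the random name plus a non-executing upload directory is what actually removes the RCE, because a sufficiently careful attacker can craft a file that is both a valid workbook and something PHP will happily interpret.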
HIGH SEVERITY VULNERABILITIES
Palo Alto Networks PAN-OS Malformed DNS Packet Vulnerability | CVE-2024-3393: Highlights a Denial of Service (DoS) vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software. An unauthenticated attacker can exploit it by sending a malformed DNS packet through the firewall's data plane; the firewall must have a DNS Security license and DNS Security logging enabled for the packet to reach the faulty code. Successfully triggering the issue reboots the firewall, and repeated exploitation can force it into maintenance mode, taking it off the network. Palo Alto Networks has published fixed releases for each supported PAN-OS train; where an upgrade cannot be scheduled immediately, setting the log severity to "none" for all DNS Security categories in the Anti-Spyware profiles removes the trigger at the cost of losing those logs.
SQL Injection Vulnerabilities in Reporting Application | CVE-2024-9134: Highlights SQL Injection vulnerabilities in the reporting application. Users who already hold elevated application rights can alter the SQL queries the application builds, which in turn allows execution of arbitrary database commands. Because the database layer can reach the underlying operating system, exploitation can lead to privilege escalation and unauthorized access to the host and to other critical systems.
MEDIUM SEVERITY VULNERABILITIES
Mitel MiCollab Path Traversal Vulnerability | CVE-2024-56227: Identifies a local file read vulnerability in Mitel MiCollab through version 9.8 SP2. This issue arises from insufficient input sanitization, which allows an authenticated attacker with administrative privileges to access files constrained to the admin access level. The disclosed information is limited to non-sensitive system details, and this vulnerability does not enable file modification or privilege escalation.
ZeroWdd MyBlog Unrestricted File Upload Vulnerability | CVE-2024-13191: Identifies an unrestricted file upload vulnerability in ZeroWdd myblog 1.0. The issue exists in the file upload function within src/main/java/com/wdd/myblog/controller/admin/uploadController.java, where insufficient validation allows crafted files to bypass the intended restrictions. The vulnerability is exploitable remotely, and a public exploit is available, which raises the likelihood of attacks against exposed instances.
Authentication Token Retrieval Vulnerability | CVE-2024-9133: Exposes a vulnerability allowing administrator users to retrieve authentication tokens. The severity is rated medium because an administrator account is required, but a compromised or malicious administrator can use the retrieved tokens to act as other users and bypass the authentication controls in front of protected systems and data, so the issue should be prioritized where administrator accounts are shared or weakly protected.