
High-risk flaws found in Adobe ColdFusion, Broadcom VMware vCenter Server, and Ivanti Endpoint Manager

Security researchers warn businesses to prioritise remediation as fast as possible to beat dangerous vulnerabilities.

David Hollingworth
Fri, 20 Sep 2024

Researchers at Rapid7 warn their customers – and just about everyone else, too – to immediately expedite addressing vulnerabilities in four common enterprise technology platforms.

The warnings are based on critical advisories released by Adobe, Broadcom, and Ivanti, and Rapid7 considers the listed vulnerabilities to be “attractive potential attack targets for both state-sponsored and financially motivated adversaries”.

On 10 September, Adobe released an advisory for CVE-2024-4187, a remote code execution flaw in Adobe ColdFusion linked to unsafe deserialisation of Web Distributed Data eXchange (WDDX) packets. Rapid7 has seen previous attempts at remote code execution targeting WDDX, as well as exploitation of several other ColdFusion vulnerabilities.


Versions of ColdFusion 2023 prior to update nine are vulnerable to this CVE, while update 15 and earlier versions of ColdFusion 2021 are also vulnerable. The issue has been resolved in update 10 of ColdFusion 2023 and update 16 of ColdFusion 2021.

Ivanti also released an advisory on 10 September, this time for Ivanti Endpoint Manager. CVE-2024-29847 is another remote code execution flaw related to unsafe deserialisation. It impacts Ivanti Endpoint Manager 2022 SU5 and its earlier versions and Ivanti Endpoint Manager 2024.

Ivanti Endpoint Manager 2022 SU5 can be updated to 2022 SU6 to remediate the vulnerability, while users of the 2024 version will need to install a security patch, which Ivanti has provided alongside its advisory.

For its part, Broadcom released an advisory on 17 September regarding CVE-2024-38812, this time a critical heap overflow vulnerability in its VMware vCenter Server. Again, the flaw could lead to remote code execution on the vulnerable server, and alongside CVE-2024-38813 – also reported by Broadcom on the same day – makes for a full-chain exploit.

“We are not aware of exploitation in the wild as of September 19, 2024,” Rapid7 said in a blog post overnight, “but vCenter Server is a high-value attack target for ransomware and extortion groups”.

Both Broadcom VMware vCenter Server 7.0 and 8.0 are vulnerable, and Broadcom has made several fixes available depending on the version.

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
