iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Security researchers are warning businesses to prioritise remediation as fast as possible to beat dangerous vulnerabilities.
Researchers at Rapid7 are warning their customers – and just about everyone else, too – to immediately expedite addressing vulnerabilities in four common enterprise technology platforms.
The warnings are based on critical advisories released by Adobe, Broadcom, and Ivanti, and Rapid7 considers the listed vulnerabilities to be “attractive potential attack targets for both state-sponsored and financially motivated adversaries”.
Adobe released an advisory for CVE-2024-4187 on September 10, a remote code execution flaw in Adobe ColdFusion linked to unsafe Web Distributed Data eXchange packet deserialisation. Rapid7 has seen previous attempts at remote code execution targeting Wddx as well as exploitation of several other ColdFusion vulnerabilities.
Versions of ColdFusion 2023 prior to update nine are vulnerable to this CVE, while update 15 and earlier versions of ColdFusion 2021 are also vulnerable. The issue has been resolved in versions 10 and 16 of each.
Ivanti also released an advisory on September 10, this time for Ivanti Endpoint Manager. CVE-2024-29847 is another remote code execution flaw related to unsafe deserialisation. It impacts Ivanti Endpoint Manager 2022 SU5 and its earlier versions and Ivanti Endpoint Manager 2024.
Ivanti Endpoint Manager 2022 SU5 can be updated to 2022 SU 6 to remediate the vulnerability, while users of the 2024 version will need to install a security patch, which Ivanti has provided alongside its advisory.
For its part, Broadcom released an advisory on September 17 regarding CVE-2024-38812, this time a critical heap overflow vulnerability in its VMware vCenter Server. Again, the flaw could lead to remote code execution on the vulnerable server, and alongside CVE-2024-38813 – also reported by Broadcom on the same day – makes for a full-chain exploit.
“We are not aware of exploitation in the wild as of September 19, 2024,” Rapid7 said in a blog post overnight, “but vCenter Server is a high-value attack target for ransomware and extortion groups.”
Both Broadcom VMware vCenter Server 7.0 and 8.0 are vulnerable, and Broadcom has made several fixes available depending on the version.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
