Manual mitigation for CVE-2022-31659 and CVE-2022-31656
Jack Pincombe
Information Security Analyst
The high-profile vulnerability assigned CVE-2022-31659 affects VMware Workspace ONE Access and Identity Manager, which contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
In addition, a POC has become available for another high-profile VMware vulnerability, CVE-2022-31656, an authentication bypass that allows an attacker to bypass authentication.
Manual Mitigation for CVE-2022-27924: Zimbra Collaboration Arbitrary Memcache Command Injection
The high-profile vulnerability assigned 'CVE-2022-27924: Zimbra Collaboration Arbitrary Memcache Command Injection' was posted in June and is now reported as actively exploited, according to CISA.
Vulnerability Description: Zimbra is an enterprise-level email solution, similar to Microsoft Exchange. It comes with mail servers, load balancing features, a powerful web interface, and more. The vulnerability allows an attacker to steal the login credentials from users of a targeted Zimbra deployment.
#AllImperva #CloudWAF(formerlyIncapsula) #On-PremisesWAF(formerlySecuresphere)
------------------------------
Sarah Lamont
Digital Community Manager
------------------------------