Category: Vulnerability Management

OpenSSL patch (v3.0.7) for Vulnerability 2022

The OpenSSL patch (v3.0.7) is now released, and you still have time to assess which products in your environment are potentially vulnerable. Here’s the link to download the fix. The OpenSSL security update is out, with fixes for CVE-2022-3786 and CVE-2022-3602. The vulnerabilities were also downgraded from Critical to High …


List of vendors and software affected by the OpenSSL vulnerability

On this page we list the vendors and their software that are affected, or not affected, by the OpenSSL vulnerability in version 3.X. The page is updated as soon as we issue the corresponding security bulletin and according to feedback from the vendors.


Critical Vulnerabilities Discovered in Veeam Products

Veeam announced patches for critical vulnerabilities impacting their products this weekend. The flaws were uncovered by Positive Technologies, a cybersecurity company based in South Korea. Let’s take a closer look at the vulnerabilities found.


Log4J 2.17.0 is published

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError …


Veeam is not affected by Log4J vulnerability

Apache isn’t used by any Veeam product; however, the Veeam security team carried out an investigation. Veeam products are not affected by this vulnerability (KB 4254). Basically, Apache Log4j is not in use by any Veeam products. I’ll cross-post any important updates but you can see the thread yourself here.
