Thursday, January 5, 2023

Zoho And Fortinet Releases Advisory Warning High-Severity Vulnerabilities. Patch Now!

We strongly recommend applying the security update for these vulnerabilities on high priority.

Zoho And Fortinet Releases Advisory Warning High-Severity Vulnerabilities. Patch Now!

Date

5th January 2023

CVE(s)

CVE-2022-47523, CVE-2022-39947, CVE-2022-35845

Affected Product(s)
Zoho PAM360, Zoho Access Manager Plus, Zoho Password Manager Pro, Fortinet FortiADC, Fortinet FortiTester

Severity
High

Zoho And Fortinet Releases Advisory Warning High-Severity Vulnerabilities. Patch Now!

Zoho addresses a critical security vulnerability CVE-2022-47523 in Zoho ManageEngine PAM360, Zoho ManageEngine Access Manager Plus, and Zoho ManageEngine Password Manager Pro. The critical vulnerability exists due to insufficient sanitization of user-supplied data. Successful exploitation of this vulnerability allows a remote attacker to read, delete, and modify data in the database and gain complete control over the affected application.

Fortinet has also addressed critical command injection flaws CVE-2022-39947 and CVE-2022-35845 in multiple versions of FortiADC and FortiTester. 
The flaws exist due to improper neutralization of special elements used in both products. Successful exploitation will allow the remote attacker to execute arbitrary code on the affected system.

We strongly recommend applying the security update for these vulnerabilities on high priority. And if you found this valuable, please share it with your other IT SysAdmin Friends!

Stay Alert and Secure!

Team SecPod

No comments:

Post a Comment

The Daily 3: Wellcare dropped 140,000 beneficiaries from zero-premium drug plans over unpaid premiums as low as $8.10—can't re-enroll until January, face lifetime penalty

Catch up in minutes with your daily briefing on the Social Security, Medicare & Retirement news that affects you most.  ‌ ‌ ‌ ‌ ‌ ‌...