Oracle has released security updates to address vulnerabilities in Oracle Linux OS. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and Administrators are encouraged to review Oracle Security Advisories dated 28^th February 2023 and apply necessary updates.

SUSE has released security updates to address vulnerabilities in Linux Kernel. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and Administrators are encouraged to review SUSE Security Advisory SUSE-SU-2023:0553-1 and apply necessary updates.

Advisory No: TZCERT/SA/2023/02/24

Date of First Release: 24^th February 2023

Source: VMWARE

Software Affected:  App Control: 8.9.x, 8.8.x, 8.7.x ( Running on Windows)

Overview:

VMware has released patches to address a critical security vulnerability affecting Carbon Black App Control, an enterprise solution for preventing untrusted software from executing on critical systems and endpoints. This vulnerability could allow attackers to take control of a affected system.

Description:

This injection vulnerability is tracked as CVE-2023-20858 (CVSS score: 9.1). An attacker with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system.

Impact:

Successful exploitation of this vulnerability may allow the attacker to control of the affected system.

Solution:

VMware has released a patch for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

1. https://www.vmware.com/security/advisories/VMSA-2023-0004.html

IBM has released security updates to address vulnerabilities in its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of affected system.

Users and administrators are encouraged to review IBM Security Advisories and apply necessary updates.

Tenable has released security updates to address vulnerabilities in Tenable.sc. Exploitation of these vulnerabilities may allow an attacker to cause a denial of service condition.

Users and administrators are encouraged to review Tenable Security Advisories tns-2023-06 and tns-2023-05   and apply necessary updates.