Alerts

TZCERT-SU-24-0524 (Red Hat Security Update)

Red Hat has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review Red Hat Security Advisories dated 22nd May 2024 and apply necessary updates.

TZCERT-SU-24-0523 (IBM Security Update)

IBM has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review IBM Security Bulletins dated 22nd May 2024 and apply necessary updates.

Remote Code Execution Vulnerabilities in IBM Operational Decision Manager and IBM i Modernization Engine for Lifecycle Integration (CVE-2019-19919, CVE-2019-12384)

Advisory No: TZCERT/SA/2024/05/17-6

Date of First Release: 17th May 2024

Source: IBM

Software Affected: IBM Operational Decision Manager, IBM i Modernization Engine for Lifecycle Integration

Overview:

Two IBM applications are affected by critical vulnerabilities. Attackers can leverage these vulnerabilities to execute arbitrary code on the affected system.

Description:

IBM Operational Decision Manager and IBM i Modernization Engine for Lifecycle Integration are affected by critical vulnerabilities rated at 9.8 and tracked as CVE-2019-19919 and CVE-2019-12384. The vulnerabilities exist in Node.js handlebars and FasterXML jackson-databind. Attackers can send specially crafted messages to execute arbitrary code on the vulnerable system.

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Solution:

IBM has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://exchange.xforce.ibmcloud.com/vulnerabilities/173388
  2. https://exchange.xforce.ibmcloud.com/vulnerabilities/162849

Remote Code Execution Vulnerability in Bosch Praesensa and Bosch Praesideo (CVE-2024-25104)

Advisory No: TZCERT/SA/2024/05/17-5

Date of First Release: 17th May 2024

Source: Bosch

Software Affected: Bosch Praesensa Logging Application, Bosch Praesideo Logging Application, and Bosch Praesideo PC Call Station

Overview:

Three Bosch applications are affected by a critical vulnerability. Attackers can leverage the vulnerability to execute arbitrary code on the server machine.

Description:

A critical vulnerability rated at 9.8 and tracked as CVE-2024-25104 affects Bosch Praesensa Logging Application, Bosch Praesideo Logging Application, and Bosch Praesideo PC Call Station. The weakness is caused by a security tactic that was missed during the architecture and design phase. Attackers can exploit the vulnerability to execute remote code on the server machine.

Impact:

Successful exploitation of this vulnerability may allow an attacker to take control of an affected system.

Solution:

Bosch has released security patches for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://psirt.bosch.com/security-advisories/bosch-sa-106054-bt.html