Overview
Atlassian, which offers the Confluence collaboration tool, has increased the CVSS score of the recent CVE-2023-22518 exploited-vulnerability from 9.1 to 10 owing to a change in the scope of attacks, including the use of ransomware. This vulnerability was discovered where the Confluence Data Center and Server customers have been shown to be vulnerable to significant data loss if exploited by an unauthenticated attacker.
Veeam has released a security advisory addressing four vulnerabilities affecting Veeam ONE, a monitoring, reporting and capacity-planning tool. One vulnerability (CVE-2023-38547) is categorised as critical, as it could allow an attacker to perform remote code execution on the SQL server to gain unauthorised access to data. CVE-2023-38548 allows an unprivileged user, who has access to the Veeam ONE Web Client, the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.
SysAid, the IT service management platform used for managing IT services, has disclosed a previously unknown and critical path-traversal vulnerability leading to code execution within the SysAid on-prem software. Microsoft has identified that this vulnerability has been exploited by the DEV-0950 (Lace Tempest) group. Attacks begin where a WAR archive (with WebShell) is uploaded
Recommended Action
Organisations are encouraged to review the appropriate security advisory pages and apply the updates:
Atlassian – Confluence Security Article
Veeam – Support Knowledge Base
SysAid – Service Desk Blog
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.