- Drupal Releases Security Update to Address a Vulnerability in Apigee Edge
- Cisco Releases Security Advisories for Multiple Products
- VMware Releases Security Update for VMware vRealize Operations
________________________________
Drupal Releases Security Update to Address a Vulnerability in Apigee Edge
Situation:
Drupal released a security update to address a vulnerability affecting the Apigee Edge module for Drupal 9.x.
Problem:
The Apigee Edge module allows connecting a Drupal site to Apigee X / Edge in order to build a developer portal.
Previous module versions did not support entity query level access checking, which could have led to information disclosure or access bypass in various places.
Implication:
An attacker could exploit this vulnerability to bypass access authorization or disclose sensitive information.
Need:
We encourage users and administrators to review Drupal’s security advisory SA-CONTRIB-2023-005 and apply the necessary update.
Additional Resources:
Apigee Edge – Moderately critical – Access bypass – SA-CONTRIB-2023-005:
https://www.drupal.org/sa-contrib-2023-005
Drupal Releases Security Update to Address a Vulnerability in Apigee Edge
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/02/drupal-releases-security-update-address-vulnerability-apigee-edge
________________________________
Cisco Releases Security Advisories for Multiple Products
Situation:
Cisco released security updates for vulnerabilities affecting multiple products.
Problem:
Cisco has identified multiple vulnerabilities in its products that attackers might be able to exploit.
Implication:
A remote attacker could exploit these vulnerabilities to take control of an affected system.
Need:
We encourage users and administrators to review the Cisco Security Advisories page and apply the necessary updates.
Additional Resources:
Cisco Security Advisories:
https://sec.cloudapps.cisco.com/security/center/publicationListing.x
Cisco Releases Security Advisories for Multiple Products CISA Advisory:
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/02/cisco-releases-security-advisories-multiple-products
________________________________
VMware Releases Security Update for VMware vRealize Operations
Situation:
VMware released a security update that addresses a cross-site request forgery bypass vulnerability affecting VMware vRealize Operations.
Problem:
vRealize Operations (vROps) contains a CSRF bypass vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.5.
Implication:
A malicious user could execute actions on the platform on behalf of the authenticated victim user.
Need:
We encourage users and administrators to review VMware Security Advisory VMSA-2023-0002 and apply the necessary updates.
Additional Resources:
VMSA-2023-0002:
https://www.vmware.com/security/advisories/VMSA-2023-0002.html
VMware Releases Security Update for VMware vRealize Operations:
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/01/vmware-releases-security-update-vmware-vrealize-operations