This update adds SSO domain name detection.
JNDI features used in configuration, log messages, and parameters present in Apache Log4j2 do not protect against attacker controlled LDAP and other JNDI related endpoints. This library, used by VMware vCenter Server, allows unauthenticated attackers to execute system commands.
JNDI features used in configuration, log messages, and parameters present in Apache Log4j2 do not protect against attacker controlled LDAP and other JNDI related endpoints. This library, used by VMware vRealize Operations Manager, allows unauthenticated attackers to execute system commands.
A deserialization vulnerability present in the TypedBinaryFormatter class allows authenticated remote attackers to execute arbitrary OS commands with SYSTEM user privileges.
An OGNL injection vulnerability in Confluence Server and Data Center allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.
The password input field in the "/auth/" and "/auth/change" endpoints of Cisco HyperFlex HX Installer Virtual Machine allow an unauthenticated attacker to execute systems commands as root.
A combination of a path confusion that leads to an authentication bypass (ACL), an elevation of privilege and an arbitrary file write vulnerability, allows unauthenticated attackers to execute commands with SYSTEM privileges in Microsoft Exchange Server.
A remote code execution vulnerability exists in OMI. An unauthenticated, remote attacker can exploit this flaw by sending a specially crafted request to a vulnerable service over a publicly accessible remote management port.
A vulnerability in Pulse Connect Secure could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.
A JSON deserialization vulnerability present in the test alert actions allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is not required to exploit this vulnerability.