UCSF IT Technology

Cisco has released a security advisory to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For a complete description of the vulnerabilities and affected systems go to Cisco Security Advisories page. IT Security

Tracked as CVE-2022-26696 (CVSS score of 7.8), the security defect was identified and reported last year, with a patch available since the release of macOS Monterey 12.4 in May. Apple notes that the flaw allowed a sandboxed process to circumvent sandbox restrictions, and that improved environment sanitization resolved the issue.

An improper authentication vulnerability exists within Trend Micro Apex One for SaaS. Successful exploitation of this vulnerability could allow an attacker to bypass the product’s login authentication by falsifying request parameters on affected installations. For a complete description of the vulnerabilities and affected systems go to Trend Micro Security Bulletin September 2022. IT Security

Mandiant reveals vulnerability within Moodle 4.0.2. A remote code execution risk when restoring backup files originating from Moodle 1.9 For a complete description of the vulnerabilities and affected systems go to Moodle Security Announcement. IT Security Read more about IT Security service offerings.

IBM released a patch to address a vulnerability in the IBM InfoSphere Information Server on Cloud 11.7. IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. For a complete description of the vulnerabilities and affected systems go to IBM Security Bulletin. IT Security Read more about IT Security service offerings.

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit these vulnerabilities to perform arbitrary code execution. For a complete description of the vulnerabilities and affected systems go to Samba Security Releases. IT Security Read more about IT Security service offerings.

Mozilla released security updates to address High vulnerabilities in Thunderbird, Firefox ESR, and Firefox. An attacker could exploit these vulnerabilities to cause user confusion or conduct spoofing attacks. For a complete description of the vulnerabilities and affected systems go to Mozilla Foundation Security Advisories. IT Security

Cisco released security updates to address Medium and High vulnerabilities in the Cisco Identity Services Engine (ISE). A remote attacker could exploit some of these vulnerabilities to bypass authorization and access system files.

Foxit has released security updates to address vulnerabilities in Foxit Reader.  A remote attacker could exploit these vulnerabilities to perform arbitrary code execution. For a complete description of the vulnerabilities and affected systems go to Security updates available in Foxit PDF Reader 12.0.2 and Foxit PDF Editor 12.0.2. IT Security

Lenovo has released security updates to address vulnerabilities in Lenovo UEFI Firmware impacting multiple devices.  Because UEFI is responsible for launching the operating system when a device is powered on, it has made the technology an attractive option for threat actors looking to drop malware that's difficult to detect and remove.