UCSF IT Technology

Drupal has released a Moderately Critical security advisory to address a vulnerability in Drupal Private Taxonomy Terms. An unauthorized user could exploit this vulnerability to bypass access permissions to create, modify, and delete private vocabulary terms. For a complete description of the vulnerabilities and affected systems go to Private Taxonomy Terms - Moderately critical - Access bypass - SA-CONTRIB-2023-001.

NIST reported a High vulnerability the open source jsonwebtoken (JWT) library. An attacker could exploit these vulnerabilities to take control of an affected system.  If a malicious actor has the ability to modify the key retrieval parameter (referring to the `secretOrPublicKey` argument from the readme link of the `jwt.verify()` function, they can write arbitrary files on the host machine.

SAP released their January 2023 updates to address vulnerabilities in various SAP products. An attacker could exploit these vulnerabilities to take control of an affected system. 

Cisco has released a security advisory to address a Critical vulnerability in Cisco Small Business RV016, RV042, RV042G, and RV082 Routers. Vulnerability could allow a remote attacker to bypass authentication or execute arbitrary commands on the underlying operating system of an affected device.

Mandiant reported a High vulnerability in IBM InfoSphere Information Server 11.7. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. For a complete description of the vulnerabilities and affected systems go to CVE-2022-22425 Detail. IT Security

Mandiant reported a High vulnerability in Networks ArubaOS 10[.]3[.]0[.]0. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. For a complete description of the vulnerabilities and affected systems go to CVE-2022-37897 Detail. IT Security

Microsoft released their January Security Update to address vulnerabilities in multiple products. An attacker can exploit some of these vulnerabilities to take control of an affected system. For a complete description of the vulnerabilities and affected systems go to January 2023 Security Update Guide. IT Security

Adobe has released security updates to address vulnerabilities in multiple Adobe products. The most prominent update, for the widely deployed Adobe Acrobat and Reader software, fixes critical-severity flaws. Successful exploitation could lead to arbitrary code execution, application denial-of-service and memory leaks. For a complete description of the vulnerabilities and affected systems go to: