23.1 C
London
Tuesday, September 3, 2024

Excessive-Severity Flaws Uncovered in Atlassian Merchandise and ISC BIND Server


Sep 22, 2023THNServer Safety / Vulnerability

Excessive-Severity Flaws Uncovered in Atlassian Merchandise and ISC BIND Server

Atlassian and the Web Methods Consortium (ISC) have disclosed a number of safety flaws impacting their merchandise that might be exploited to attain denial-of-service (DoS) and distant code execution.

The Australian software program providers supplier stated that the 4 high-severity flaws have been fastened in new variations shipped final month. This consists of –

  • CVE-2022-25647 (CVSS rating: 7.5) – A deserialization flaw within the Google Gson package deal impacting Patch Administration in Jira Service Administration Information Heart and Server
  • CVE-2023-22512 (CVSS rating: 7.5) – A DoS flaw in Confluence Information Heart and Server
  • CVE-2023-22513 (CVSS rating: 8.5) – A RCE flaw in Bitbucket Information Heart and Server
  • CVE-2023-28709 (CVSS rating: 7.5) – A DoS flaw in Apache Tomcat server impacting Bamboo Information Heart and Server

The issues have been addressed within the following variations –

  • Jira Service Administration Server and Information Heart (variations 4.20.25, 5.4.9, 5.9.2, 5.10.1, 5.11.0, or later)
  • Confluence Server and Information Heart (variations 7.19.13, 7.19.14, 8.5.1, 8.6.0, or later)
  • Bitbucket Server and Information Heart (variations 8.9.5, 8.10.5, 8.11.4, 8.12.2, 8.13.1, 8.14.0, or later)
  • Bamboo Server and Information Heart (variations 9.2.4, 9.3.1, or later)

Two Excessive-Severity Flaws in BIND Mounted

In a associated growth, ISC has launched fixes for 2 high-severity bugs affecting the Berkeley Web Title Area (BIND) 9 Area Title System (DNS) software program suite that might pave the way in which for a DoS situation –

  • CVE-2023-3341 (CVSS rating: 7.5) – A stack exhaustion flaw in management channel code could trigger named to terminate unexpectedly (fastened in variations 9.16.44, 9.18.19, 9.19.17, 9.16.44-S1, and 9.18.19-S1)
  • CVE-2023-4236 (CVSS rating: 7.5) – The named service could terminate unexpectedly underneath excessive DNS-over-TLS question load (fastened in variations 9.18.19 and 9.18.19-S1)

The newest patches arrive three months after ISC rolled out fixes for 3 different flaws within the software program (CVE-2023-2828, CVE-2023-2829, and CVE-2023-2911, CVSS scores: 7.5) that might lead to a DoS situation.

Discovered this text attention-grabbing? Comply with us on Twitter and LinkedIn to learn extra unique content material we publish.



Latest news
Related news

LEAVE A REPLY

Please enter your comment!
Please enter your name here