Ridge Security announces the new RidgeBot release 4.2.7 with the new Plugin Library 4.48.

Ridge Security announces RidgeBot 4.2.8, now available for download. This latest update introduces 48 new plugins, including three of the most recent 2024 CVEs, published by CISA in January. Among them is CVE-2024-0204, a multi-factor authentication bypass vulnerability discovered in Fortra GoAnywhere. If you use Fortra, Ridge strongly urges you to test your systems with RidgeBot and update them to the patched version.

New Application Scan Plugins | New Exploit Plugins in Plugin Library 4.48
MagnusSolution MagnusBilling RCE (CVE-2023-30258) | GoAnywhere MFT Authentication Bypass (CVE-2024-0204)
Craft CMS RCE (CVE-2023-41892) | PyLoad Cross-Site Request Forgery (CSRF) (CVE-2024-22416)
Apache OFBiz RCE (CVE-2023-49070) | Arcserve UDP Authentication Bypass Vulnerability (CVE-2023-26258)
Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability (CVE-2021-26085) / Citrix NetScaler ADC Buffer Overflow Vulnerability (CVE-2023-4966); PowerJob Broken Access Control (CVE-2023-29923); PyLoad Improper Access Control (CVE-2024-21644); DotCMS Unrestricted File Upload (CVE-2022-26352)
SPIP Form Value RCE (CVE-2023-27372) / Splunk XML Injection RCE (CVE-2023-46214); MajorDoMo Command Injection RCE (CVE-2023-50917); VMware Aria Operations for Networks Command Injection (CVE-2023-20887); WordPress plugin POST SMTP Mailer authorization missing (CVE-2023-6875)
Splunk XML Injection RCE (CVE-2023-46214); OwnCloud Graphapi Information Disclosure (CVE-2023-49103); request-baskets SSRF (CVE-2023-27163); WordPress plugin Ultimate Member Privilege Escalation (CVE-2023-3460); Zoho ManageEngine Remote Code Execution (CVE-2022-47966); BQE BillQuick Web Suite SQL Injection (CVE-2021-42258)
PowerJob Broken Access Control (CVE-2023-29923); PyLoad Improper Access Control (CVE-2024-21644); DotCMS Unrestricted File Upload (CVE-2022-26352); Adobe ColdFusion Deserialization of Untrusted Data Vulnerability (CVE-2023-29300); Atlassian Confluence Data Center and Server Template Injection Vulnerability (CVE-2023-22527); Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability (CVE-2023-3519)
MajorDoMo Command Injection RCE (CVE-2023-50917); VMware Aria Operations for Networks Command Injection (CVE-2023-20887); WordPress Plugin POST SMTP Mailer authorization missing (CVE-2023-6875); SPIP Form Value RCE (CVE-2023-27372); Splunk XML Injection RCE (CVE-2023-46214); OwnCloud Graphapi Information Disclosure (CVE-2023-49103)
Oracle WebLogic Server RCE (CVE-2023-21839) / VMware Aria Operations for Logs RCE (CVE-2023-20864) / Fortra GoAnywhere MFT RCE (CVE-2023-0669); Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability (CVE-2021-26085); Citrix NetScaler ADC Buffer Overflow Vulnerability (CVE-2023-4966); Zerologon-Windows Netlogon Elevation of Privilege (CVE-2020-1472)
MagnusSolution MagnusBilling RCE (CVE-2023-30258); Craft CMS RCE (CVE-2023-41892); Apache OFBiz RCE (CVE-2023-49070); WordPress Plugin Ultimate Member Privilege Escalation (CVE-2023-3460); Zoho ManageEngine Remote Code Execution (CVE-2022-47966); BQE BillQuick Web Suite SQL Injection (CVE-2021-42258)


Original article: RidgeBot 4.2.8 Release Announcement – by Ridge Security Marketing

Translation and adaptation by CIPS Informatica - Ridge Security Blog - © 2022 Ridge Security, Inc.

Original article: RidgeBot 4.2.1 Release Announcement – by Ridge Security Marketing
