An IT safety alert replace for a identified vulnerability has been launched to Apache Commons. You can discover out what affected customers can do right here.
Federal workplace for Security in Information Technology (BSI) issued an replace on May 23, 2024 for the Apache Commons safety vulnerability identified on February 18, 2024. The safety vulnerability impacts Linux working techniques, MacOS Storage Insights.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability will be discovered right here: IBM Security Bulletin 7149302 (From 24 May 2024). Some helpful hyperlinks are listed later on this article.
Apache Commons Security Advisory – Risk: Medium
Risk stage: 3 (reasonable)
CVSS Base Score: 7.8
CVSS provisional rating: 6,8
Remote assault: No
The Common Vulnerability Scoring System (CVSS) is used to evaluate the vulnerability of pc techniques. The CVSS commonplace makes it attainable to check potential or precise safety dangers based mostly on numerous metrics to create a precedence record for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of the vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. For momentary impact, body circumstances which will change over time are thought of within the check. According to CVSS, the chance of the vulnerability talked about right here is taken into account “reasonable” with 7.8 foundation factors.
Apache Commons Bug: Multiple vulnerabilities permit a denial of service
Apache Commons is an Apache mission that covers all points of reusable Java elements.
A neighborhood attacker can exploit a number of vulnerabilities in Apache Commons to carry out a denial of service assault.
Vulnerabilities are recognized by distinctive CVE (Common Vulnerabilities and Exposures) product numbers. CVE-2024-25710 and CVE-2024-26308 on the market.
Systems affected by the safety hole at a look
Operating techniques
Linux, MacOS X, UNIX, Windows
Products
Amazon Linux 2 (cpe:/o:amazon:linux_2)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
SUSE Linux (cpe:/o:use:suse_linux)
IBM License Metric Tool 9.2 (cpe:/a:ibm:license_metric_tool)
Apache Commons Compress IBM Tivoli Netcool/OMNIbus Red Hat Enterprise Linux Quarkus 3.2.11 (cpe:/o:redhat:enterprise_linux)
IBM App Connect Enterprise IBM App Connect Enterprise IBM Storage Insights
General steps for coping with IT vulnerabilities
- Users of the affected apps ought to keep up-to-date. When safety holes are identified, producers are required to repair them shortly by creating a patch or workaround. When new safety updates can be found, set up them instantly.
- For info, see the sources listed within the subsequent part. This typically incorporates extra details about the most recent model of the software program in query and the supply of safety patches or efficiency ideas.
- If you might have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to frequently verify if IT safety alert Affected producers present a brand new safety replace.
Manufacturer details about updates, patches and workarounds
Here you can see some hyperlinks with details about bug reviews, safety fixes and workarounds.
IBM Security Bulletin 7149302 vom 2024-05-24 (23.05.2024)
For extra info, see:
IBM Security Bulletin 7154409 vom 2024-05-20 (20.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:2833 vom 2024-05-14 (13.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:1948 vom 2024-04-22 (22.04.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:1797 vom 2024-04-22 (22.04.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:1924 vom 2024-04-18 (18.04.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:1923 vom 2024-04-18 (18.04.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:1662 vom 2024-04-03 (03.04.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:1509 vom 2024-03-26 (26.03.2024)
For extra info, see:
IBM Security Bulletin 7144238 vom 2024-03-19 (19.03.2024)
For extra info, see:
Amazon Linux Security Advisory ALAS-2024-2493 vom 2024-03-19 (18.03.2024)
For extra info, see:
IBM Security Bulletin 7142168 vom 2024-03-15 (14.03.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:0726-1 vom 2024-02-29 (29.02.2024)
For extra info, see:
NIST Vulnerability Database vom 2024-02-18 (18.02.2024)
For extra info, see:
NIST Vulnerability Database vom 2024-02-18 (18.02.2024)
For extra info, see:
Apache Security Advisory vom 2024-02-18 (18.02.2024)
For extra info, see:
Apache Security Advisory vom 2024-02-18 (18.02.2024)
For extra info, see:
Version historical past of this safety alert
This is model 12 of this Apache Commons IT safety discover. If additional updates are introduced, this doc might be up to date. You can examine modifications or additions on this model historical past.
02/18/2024 – First model
02/29/2024 – New updates from SUSE added
March 14, 2024 – New updates from IBM and IBM-APAR added
March 18, 2024 – Added new updates from Amazon
03/19/2024 – New updates from IBM added
03/26/2024 – New updates from Red Hat added
04/03/2024 – New updates from Red Hat have been added
April 18, 2024 – New updates from Red Hat have been added
04/22/2024 – New updates from Red Hat have been added
May 13, 2024 – New updates from Red Hat have been added
May 20, 2024 – New updates from IBM and IBM-APAR added
May 23, 2024 – New updates from IBM added
+++ Editorial notice: This doc relies on present BSI knowledge and might be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
comply with News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you can see sizzling information, present movies and a direct line to the editorial crew.
kns/roj/information.de