IT safety: Linux is susceptible – Angular IT safety warning replace (vulnerability: medium)

Federal workplace for Security in Information Technology (BSI) issued an replace on May 22, 2024 for the Angular safety vulnerability identified on February 11, 2024. The safety vulnerability impacts the Linux working system and the merchandise HCL BigFix, Open Source Angular and Open Source Camunda.

The newest producer suggestions for updates, workarounds and safety patches for this vulnerability could be discovered right here: HCL Safety Report (From 23 May 2024). Some helpful assets are listed later on this article.

Angular safety warning – Risk: medium

Risk stage: 3 (average)
CVSS Base Score: 7.5
CVSS provisional rating: 6,7
Remote management: Ja

The Common Vulnerability Scoring System (CVSS) is used to evaluate the vulnerability of laptop programs. The CVSS normal makes it attainable to match potential or precise safety dangers based mostly on numerous standards to create a precedence listing for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. Temporal scores additionally bear in mind adjustments over time within the threat state of affairs. According to CVSS, the chance of the vulnerability talked about right here is taken into account “average” with 7.5 foundation factors.

Angular Bug: A vulnerability allows a denial of service

Angular is an online software framework based mostly on TypeScript.

A distant, unknown attacker might exploit a vulnerability in Angular to carry out a denial of service assault.

Vulnerabilities are recognized by a novel CVE (Common Vulnerabilities and Exposures) serial quantity. CVE-2024-21490 on the market.

Systems affected by the Angular vulnerability at a look

working system
Linux

Products
HCL BigFix (cpe:/a:hcltech:bigfix)
Open Source Open Source Angular Open Source Angular >=1.3.0 (cpe:/a:angularjs:angular.js)
Camunda Open Source Camunda Open Source Camunda

General suggestions for addressing IT safety gaps

1. Users of the affected apps ought to keep up-to-date. When safety holes are identified, producers are required to repair them shortly by creating a patch or workaround. When new safety updates can be found, set up them instantly.
2. For info, see the sources listed within the subsequent part. This usually accommodates further details about the most recent model of the software program in query and the provision of safety patches or efficiency suggestions.
3. If you will have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to examine each time a producing firm makes a brand new safety replace out there.

Manufacturer details about updates, patches and workarounds

Here you can find some hyperlinks with details about bug reviews, safety fixes and workarounds.

HCL Security Bulletin vom 2024-05-23 (22.05.2024)
For extra info, see:

Camunda Security Notices vom 2024-05-03 (05.05.2024)
For extra info, see:

GitHub Advisory Database vom 2024-02-11 (11.02.2024)
For extra info, see:

Red Hat bug tracker as of 2024-02-11 (11.02.2024)
For extra info, see:

Version historical past of this safety alert

This is model 3 of this Angular IT safety discover. This doc can be up to date as extra updates are introduced. You can see the adjustments made utilizing the model historical past beneath.

02/11/2024 – First model
05/05/2024 – New updates added
05/22/2024 – New updates from HCL added

+++ Editorial observe: This doc relies on present BSI information and can be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++

observe News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here you can find scorching information, present movies and a direct line to the editorial workforce.

kns/roj/information.de