Home » IT Security: Linux, UNIX and Windows are beneath risk – IT safety alert about new vulnerability in Drupal

IT Security: Linux, UNIX and Windows are beneath risk – IT safety alert about new vulnerability in Drupal

by admin
IT Security: Linux, UNIX and Windows are beneath risk – IT safety alert about new vulnerability in Drupal

There is a present safety warning from BSI for Drupal. Here you will discover out what threatens IT safety in Linux, UNIX and Windows methods, how excessive the danger is and what it’s best to do about it.

Federal workplace for Security in Information Technology (BSI) revealed a safety advisory for Drupal on June 5, 2024. The working methods Linux, UNIX and Windows in addition to the open supply product Drupal are affected by the safety hole.

The newest producer suggestions relating to updates, workarounds and safety patches for this vulnerability could be discovered right here: Drupal Security Advisory (Stop: 05.06.2024).

Drupal safety warning – Vulnerability: medium

Risk degree: 3 (average)
CVSS Base Score: 7.5
CVSS provisional rating: 6.5
Remote management: Ja

The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in pc methods. The CVSS normal makes it potential to match potential or precise safety dangers based mostly on numerous standards to create a precedence listing for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. For non permanent impact, body situations which will change over time are thought-about within the take a look at. According to CVSS, the danger of the vulnerability talked about right here is evaluated as “inner” with a base rating of seven.5.

Drupal Bug: Vulnerability Enables Denial of Service

Drupal is a free content material administration system based mostly on the PHP scripting language and an SQL database. The vary of features of the principle set up could be expanded individually utilizing a number of extensions.

See also  IT Security: Linux is susceptible - IT safety warning replace about Rsync (vulnerability: medium)

A distant, unknown attacker may exploit a vulnerability in Drupal to conduct a denial of service assault.

Systems affected by Drupal safety vulnerabilities at a look

Operating methods
Linux, UNIX, Windows

Products
Open Source Drupal Open Source Drupal Acquia DAM Open Source Drupal Acquia DAM

General steps for coping with IT vulnerabilities

  1. Users of affected methods ought to keep up-to-date. When safety holes are recognized, producers are required to repair them shortly by creating a patch or workaround. When new safety updates can be found, set up them instantly.
  2. For data, see the sources listed within the subsequent part. This typically accommodates extra details about the most recent model of the software program in query and the supply of safety patches or efficiency ideas.
  3. If you’ve got any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to frequently verify if IT safety alert Affected producers present a brand new safety replace.

Sources for updates, patches and workarounds

Here you will see that some hyperlinks with details about bug reviews, safety fixes and workarounds.

Drupal Security Advisory vom 2024-06-05 (05.06.2024)
For extra data, see:

Version historical past of this safety alert

This is the primary model of this Drupal IT safety discover. If updates are introduced, this doc might be up to date. You can examine adjustments or additions on this model historical past.

June 5, 2024 – First model

+++ Editorial observe: This doc relies on present BSI information and might be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++

See also  films, series and programs to see on August 26th...

observe News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you will see that scorching information, present movies and a direct line to the editorial workforce.

kns/roj/information.de

You may also like

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy