941 matches found
Remote code execution
Neo4j through 3.4.18 with the shell server enabled exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains...
CVE-2021-34371
Neo4j through 3.4.18 with the shell server enabled exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains...
CVE-2021-34371
Summary of the issue (CVE-2021-34371): Neo4j up to version 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, such as via setSessionVariable. This can enable remote code execution because gadget chains exist in the affected environment. In pr...
Neo4j 3.4.18 - RMI based Remote Code Execution Exploit
Exploit Title: Neo4j 3.4.18 - RMI based Remote Code Execution (RCE); Exploit Author: Christopher Ellis, Nick Gonella, Workday Inc.; Vendor Homepage: neo4j.com; Software Link: https://neo4j.com/download-thanks/?edition=community&release=3.4.18&flavour=unix; Version: 3.4.18; Tested on: Windows, Mac. In old...
Neo4j 3.4.18 Remote Code Execution
Exploit Title: Neo4j 3.4.18 - RMI based Remote Code Execution (RCE); Date: 7/30/21; Exploit Author: Christopher Ellis, Nick Gonella, Workday Inc.; Vendor Homepage: neo4j.com; Software Link: https://neo4j.com/download-thanks/?edition=community&release=3.4.18&flavour=unix; Version: 3.4.18; Tested on:...
Security Bulletin: Potential vulnerability in OpenSSL
Summary: A potential vulnerability has been identified related to OpenSSL. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. By...
Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM InfoSphere Information Server
Summary Multiple vulnerabilities in OpenSSL used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attack...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2021-3449, CVE-2021-3450)
Summary: OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL...
Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2020-1971, CVE-2021-23839, CVE-2021-23840, CVE-2021-23841, CVE-2021-23839, CVE-2021-23840, CVE-2021-23841)
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointe...
Third party risk management and the cloud
Risk is inevitable with third party vendors that have access to your company and client data. With expanding attack surfaces, dispersed supply chains, and IoT issues on the rise, TPRM (third party risk management) is becoming a more mission-critical security practice in the cloud. Let's look at...
Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerabilities (CVE-2021-3449 and CVE-2021-3450)
Summary: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerabilities CVE-2021-3449 and CVE-2021-3450. Vulnerability Details: CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. By sending a...
Code Injection in laravel/framework
Description: Function injection in Illuminate\Validation\Rules\RequiredIf can be exploited to generate gadget chains for deserialization vulnerabilities. Proof of Concept: <?php use Illuminate\Validation\Rules\RequiredIf; require"vendor/autoload.php"; $gadget = serializenew...
The U.S. EO on Ransomware: What Does it Mean? – Part 2
The White House is urging companies to do more to stem the tide of ransomware attacks now that they are starting to impact critical infrastructure and supply chains. It is a good start, but what will be the implication of this to U.S. businesses?...
Kill chains: Part 2→Strategic and tactical use cases
Let’s redefine In our new blog series, we want to contextualize the term “kill chain” as much as possible. Make sure to read the first entry in this series, Kill chains: Part 1→Strategic and operational value, for a general overview of kill chains and the specific frameworks we’ve discussed. We...
golang: math/big: panic during recursive division of very large numbers
A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The...
Lack of chain information in the signed data leads to potential replay attacks.
Handle: shw. Vulnerability details. Impact: The Offer structure, whose hash is signed by a maker, does not contain information of the current chain. Therefore, the signature is valid on all EVM-compatible chains. In the situation of a future hard fork of the Ethereum network, the valid signatures on...
SUSE: Security Advisory (SUSE-SU-2018:0112-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Security Bulletin: OpenSSL for IBM i is affected by CVE-2021-3449 and CVE-2021-3450
Summary: OpenSSL is used by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. By sending a specially crafted renegotiation...
DNI’s Annual Threat Assessment
The office of the Director of National Intelligence released its "Annual Threat Assessment of the U.S. Intelligence Community." Cybersecurity is covered on pages 20-21. Nothing surprising: Cyber threats from nation states and their surrogates will remain acute. States' increasing use of cyber...