Dor Segal

**Name of the Vulnerable Software and Affected Versions** IBM QRadar SIEM versions 7.3 through 7.4 **Description** The issue concerns a potential spoofing attack when the software is configured to use Active Directory Authentication. **Recommendations** For versions 7.3 and 7.4, consider reconfiguring the authentication settings to minimize the risk of spoofing attacks until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified) **Description** The issue is related to errors in the Kerberos protocol implementation, which could allow a remote attacker to impersonate the Kerberos key distribution center (KDC) and bypass authentication on an affected device configured to perform Kerberos authentication for VPN or local device access. This is due to insufficient identity verification of the KDC when a successful authentication response is received. An attacker could exploit this by spoofing the KDC server response to the ASA device, potentially allowing them to bypass Kerberos authentication and impact the confidentiality, integrity, and availability of protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.