Maurizio Agazzini

**Name of the Vulnerable Software and Affected Versions** Keycloak (affected versions not specified) **Description** A flaw in Keycloak allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Keycloak versions prior to 24.0.5 **Description** A flaw was found in Keycloak, where certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. The vulnerability is actively exploited in the wild. Over 39,000 results are found on ZoomEye, and over 763,000 services are found on the affected platform yearly. **Recommendations** For versions prior to 24.0.5, upgrade to version 24.0.5 or newer to secure your systems. As a temporary workaround, consider restricting access to the administrative REST API endpoints until a patch is available. Avoid using the administrative functionalities in the Keycloak admin interface with low-privilege users until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** IBM WebSphere Application Server (affected versions not specified) **Description** The issue allows serialized objects from untrusted sources to run, causing the consumption of resources, which may lead to a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Red Hat JBoss Enterprise Application Platform (EAP) versions 4 and 5 **Description** The issue allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object. This is related to the JMX servlet in the affected software. **Recommendations** For Red Hat JBoss Enterprise Application Platform (EAP) versions 4 and 5, consider restricting access to the JMX servlet as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** IBM WebSphere Application Server (WAS) versions 7.0 through 7.0.0.42 IBM WebSphere Application Server (WAS) versions 8.0 through 8.0.0.12 IBM WebSphere Application Server (WAS) versions 8.5 through 8.5.5.10 IBM WebSphere Application Server (WAS) versions 9.0 through 9.0.0.1 IBM WebSphere Application Server (WAS) Liberty versions prior to 16.0.0.4 **Description** The issue allows remote authenticated users to execute arbitrary Java code via a crafted serialized object. **Recommendations** For IBM WebSphere Application Server (WAS) versions 7.0 through 7.0.0.42, update to version 7.0.0.43 or later. For IBM WebSphere Application Server (WAS) versions 8.0 through 8.0.0.12, update to version 8.0.0.13 or later. For IBM WebSphere Application Server (WAS) versions 8.5 through 8.5.5.10, update to version 8.5.5.11 or later. For IBM WebSphere Application Server (WAS) versions 9.0 through 9.0.0.1, update to version 9.0.0.2 or later. For IBM WebSphere Application Server (WAS) Liberty versions prior to 16.0.0.4, update to version 16.0.0.4 or later.

**Name of the Vulnerable Software and Affected Versions** McAfee VirusScan Enterprise version 8.8.0 before Hotfix 1123565 (8.8.0.1546) **Description** The issue allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry handles. This is related to the McAfee VirusScan Console (mcconsol.exe) on Windows. **Recommendations** For McAfee VirusScan Enterprise version 8.8.0 before Hotfix 1123565 (8.8.0.1546), apply Hotfix 1123565 (8.8.0.1546) to resolve the issue. As a temporary workaround, consider restricting access to the registry handles related to the McAfee VirusScan Console to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** McAfee Active Response (MAR) versions prior to 1.1.0.161 McAfee Agent (MA) 5.x versions prior to 5.0.2 Hotfix 1110392 (5.0.2.333) McAfee Data Exchange Layer 2.x (DXL) versions prior to 2.0.1.140.1 McAfee Data Loss Prevention Endpoint (DLPe) 9.3 versions prior to Patch 6 McAfee Data Loss Prevention Endpoint (DLPe) 9.4 versions prior to Patch 1 HF3 McAfee Device Control (MDC) 9.3 versions prior to Patch 6 McAfee Device Control (MDC) 9.4 versions prior to Patch 1 HF3 McAfee Endpoint Security (ENS) 10.x versions prior to 10.1 McAfee Host Intrusion Prevention Service (IPS) 8.0 versions prior to 8.0.0.3624 McAfee VirusScan Enterprise (VSE) 8.8 versions prior to P7 (8.8.0.1528) **Description** The issue allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys. **Recommendations** For McAfee Active Response (MAR) versions prior to 1.1.0.161, update to version 1.1.0.161 or later. For McAfee Agent (MA) 5.x versions prior to 5.0.2 Hotfix 1110392 (5.0.2.333), update to version 5.0.2 Hotfix 1110392 (5.0.2.333) or later. For McAfee Data Exchange Layer 2.x (DXL) versions prior to 2.0.1.140.1, update to version 2.0.1.140.1 or later. For McAfee Data Loss Prevention Endpoint (DLPe) 9.3 versions prior to Patch 6, apply Patch 6 or later. For McAfee Data Loss Prevention Endpoint (DLPe) 9.4 versions prior to Patch 1 HF3, apply Patch 1 HF3 or later. For McAfee Device Control (MDC) 9.3 versions prior to Patch 6, apply Patch 6 or later. For McAfee Device Control (MDC) 9.4 versions prior to Patch 1 HF3, apply Patch 1 HF3 or later. For McAfee Endpoint Security (ENS) 10.x versions prior to 10.1, update to version 10.1 or later. For McAfee Host Intrusion Prevention Service (IPS) 8.0 versions prior to 8.0.0.3624, update to version 8.0.0.3624 or later. For McAfee VirusScan Enterprise (VSE) 8.8 versions prior to P7 (8.8.0.1528), update to version P7 (8.8.0.1528) or later.

**Name of the Vulnerable Software and Affected Versions** OpenSSH-portable versions 3.6.1p1 and earlier **Description** The issue allows remote attackers to determine valid usernames via a timing attack when a user does not exist, due to the immediate sending of an error message with PAM support enabled. This can lead to a violation of confidentiality. The vulnerability can be exploited remotely. **Recommendations** For OpenSSH-portable versions 3.6.1p1 and earlier, consider disabling PAM support as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Net-SNMP versions 5.2.x through 5.2.4, versions 5.3.x through 5.3.2, and versions 5.4.x through 5.4.1 UCD-SNMP (affected versions not specified) eCos (affected versions not specified) Juniper Session and Resource Control (SRC) C-series versions 1.0.0 through 2.0.0 NetApp (aka Network Appliance) Data ONTAP versions 7.3RC1 and 7.3RC2 SNMP Research versions prior to 16.2 Multiple Cisco IOS, CatOS, ACE, and Nexus products (affected versions not specified) Ingate Firewall versions 3.1.0 and later and SIParator versions 3.1.0 and later HP OpenView SNMP Emanate Master Agent versions 15.x net-snmp-x86 (affected versions not specified) net-snmp-64bit (affected versions not specified) net-snmp-32bit (affected versions not specified) net-snmp-devel (affected versions not specified) libsnmp15 (affected versions not specified) snmp-mibs (affected versions not specified) ucd-snmp-4.2.5 ucd-snmp-devel-4.2.5 ucd-snmp-utils-4.2.5 **Description** The issue concerns multiple vulnerabilities in various SNMP packages, which can lead to the disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The SNMPv3 HMAC verification relies on the client to specify the HMAC length, making it easier for remote attackers to bypass SNMP authentication. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited. **Recommendations** For Net-SNMP versions 5.2.x through 5.2.4, update to version 5.2.4.1 or later. For Net-SNMP versions 5.3.x through 5.3.2, update to version 5.3.2.1 or later. For Net-SNMP versions 5.4.x through 5.4.1, update to version 5.4.1.1 or later. For UCD-SNMP, update to a version that fixes the vulnerability, if available. For eCos, update to a version that fixes the vulnerability, if available. For Juniper Session and Resource Control (SRC) C-series, update to a version later than 2.0.0. For NetApp (aka Network Appliance) Data ONTAP, update to a version later than 7.3RC2. For SNMP Research, update to version 16.2 or later. For Cisco products, apply the workaround or update to a fixed version, as described in the Cisco security advisory. For Ingate Firewall and SIParator, update to a version that fixes the vulnerability, if available. For HP OpenView SNMP Emanate Master Agent, update to a version that fixes the vulnerability, if available. For net-snmp-x86, net-snmp-64bit, net-snmp-32bit, net-snmp-devel, libsnmp15, and snmp-mibs, update to a version that fixes the vulnerability, if available. For ucd-snmp-4.2.5, ucd-snmp-devel-4.2.5, and ucd-snmp-utils-4.2.5, update to a version that fixes the vulnerability, if available. As a temporary workaround, consider disabling the SNMP service until a patch is available. Restrict access to the vulnerable SNMP modules to minimize the risk of exploitation. Avoid using the vulnerable HMAC length value of 1 in the SNMPv3 authentication process until the issue is resolved.