What are the Vulnerabilities?
Two new vulnerabilities affecting JetBrains TeamCity CI/CD server have been identified and tagged as CVE-2024-27198 and CVE-2024-27199. The most severe of the two, CVE-2024-27198, has been added to CISA’s known exploited catalog which allows for a complete compromise of a vulnerable TeamCity server by a remote unauthenticated attacker.
What is the Vendor Solution?
On March 3, 2024, JetBrains released TeamCity 2023.11.4 to fix both CVE-2024-27198 and CVE-2024-27199. [ Link ]
What FortiGuard Coverage is available?
FortiGuard Labs has released endpoint vulnerability signatures, which can help detect vulnerable systems and auto-patch where applicable, and has blocked all the known indicators of compromise (IoCs).
FortiGuard Labs recommends companies to review the vendor’s advisory.
More Stories
USN-7169-5: Linux kernel (Real-time) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...
stb-0^20241002git31707d1-4.el9
FEDORA-EPEL-2025-75d8605b8c Packages in this update: stb-0^20241002git31707d1-4.el9 Update description: Add another patch for the root cause of CVE-2021-45340. We already have...
stb-0^20241002git31707d1-5.el10_0
FEDORA-EPEL-2025-93a1152ae1 Packages in this update: stb-0^20241002git31707d1-5.el10_0 Update description: Add another patch for the root cause of CVE-2021-45340. We already have...
stb-0^20241002git31707d1-4.fc40
FEDORA-2025-49e8952aab Packages in this update: stb-0^20241002git31707d1-4.fc40 Update description: Add another patch for the root cause of CVE-2021-45340. We already have...
ZDI-25-026: Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability
This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Mintty. User interaction is required to exploit...
Ivanti Connect Secure Zero-Day Vulnerability
What are the Vulnerabilities?Ivanti disclosed two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, impacting Ivanti Connect Secure (“ICS”) VPN appliances. CVE-2025-0282 is an...