FortiGuard Labs is aware that the Cybersecurity & Infrastructure Security Agency (CISA) added CVE-2022-28810 (Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability), CVE-2022-33891 (Apache Spark Command Injection Vulnerability) and CVE-2022-35914 (Teclib GLPI Remote Code Execution Vulnerability) to their Known Exploited Vulnerabilities catalog on March 7, 2023. The catalog lists vulnerabilities that are being actively exploited in the wild.Why is this Significant?This is significant because CVE-2022-28810 (Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability), CVE-2022-33891 (Apache Spark Command Injection Vulnerability) and CVE-2022-35914 (Teclib GLPI Remote Code Execution Vulnerability) are on the CISA’s Known Exploited Vulnerabilities Catalog which are being actively exploited in the wild. As such, patches should be applied to the vulnerabilities as soon as possible.What is CVE-2022-28810?CVE-2022-28810 is a Remote Code Execution (RCE) vulnerability in Zoho ManageEngine ADSelfService Plus. A remote attacker may be able to exploit this to execute arbitrary remote code within the context of the application, via a malicious HTTP request.The vulnerability is rated “high” by Zoho and affects builds 6121 and below.What is CVE-2022-33891?CVE-2022-33891 is a Command Injection Vulnerability in Apache Software Foundation Spark. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation of this vulnerability can result in the execution of arbitrary commands in the security context of the user running the vulnerable server.The vulnerability is rated “important” by Apache and affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.What is CVE-2022-35914?CVE-2022-35914 a code injection vulnerability in GLPI-Project GLPI. The vulnerability is due to improper validation of user configuration data sent to the endpoint htmLawedTest.php. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in arbitrary code execution in the security context of the web server process.Have the Vendors Released a Patch for CVE-2022-28810, CVE-2022-33891 and CVE-2022-35914?Yes. Patches for CVE-2022-28810, CVE-2022-33891 and CVE-2022-35914 are available.What is the Status of Protection?FortiGuard Labs has the following IPS protection in place for CVE-2022-28810, CVE-2022-33891 and CVE-2022-35914:Zoho.ManageEngine.ADSelfService.Plus.Custom.Script.Execution (CVE-2022-28810)Apache.Spark.getUnixGroups.Command.Injection (CVE-2022-33891)GLPI-Project.GLPI.htmLawedTest.php.Code.Injection (CVE-2022-35914)
More Stories
USN-7009-2: Linux kernel vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could...
php-8.2.24-1.fc39
FEDORA-2024-7c800c4df7 Packages in this update: php-8.2.24-1.fc39 Update description: PHP version 8.2.24 (26 Sep 2024) CGI: Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of...
php-8.3.12-1.fc40
FEDORA-2024-2b429e720e Packages in this update: php-8.3.12-1.fc40 Update description: PHP version 8.3.12 (26 Sep 2024) CGI: Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of...
php-8.3.12-1.fc41
FEDORA-2024-a03b06dbd0 Packages in this update: php-8.3.12-1.fc41 Update description: PHP version 8.3.12 (26 Sep 2024) CGI: Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of...
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful...
USN-7033-1: Intel Microcode vulnerabilities
It was discovered that some Intel(R) Processors did not properly restrict access to the Running Average Power Limit (RAPL) interface....