Daily summary - 31.03.2022

End-of-Day report

Timeframe: Wednesday 30-03-2022 18:00 - Thursday 31-03-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a


Spring patches leaked Spring4Shell zero-day RCE vulnerability

Spring released emergency updates to fix the Spring4Shell zero-day remote code execution vulnerability, which leaked prematurely online before a patch was released.


Java: Exploit for RCE vulnerability in Spring leaked

Under certain circumstances, a single HTTP request is enough to plant a webshell on Spring applications. The vulnerability is probably already being exploited in the wild.


SpringShell Detector - searches compiled code (JAR/WAR binaries) for potentially vulnerable web apps

The SpringShell vulnerability may affect some web applications using Spring Framework, but requires a number of conditions to be exploitable. One specific condition which may be rather rare (and therefore render most applications non-exploitable in practice) is the existence of Spring endpoints which bind request parameters to a non-primitive (Java Bean) type. This tool can be used to scan compiled code and verify whether such endpoints exist in the codebase.


Simple local Spring vulnerability scanner

This is a simple tool that can be used to find instances of Spring vulnerable to CVE-2022-22965 ("SpringShell") in installations of Java software such as web applications. JAR and WAR archives are inspected and class files that are known to be vulnerable are flagged.


Spring4Shell: Security Analysis of the latest Java RCE 0-day vulnerabilities in Spring

We've been taking a look at the new zero-day exploit, dubbed Spring4Shell, supposedly discovered in Spring Core, to determine whether it's a problem or not, and we also explain another RCE vulnerability found in Spring.


Calendly actively abused in Microsoft credentials phishing

Phishing actors are actively abusing Calendly to kick off a clever sequence to trick targets into entering their email account credentials on the phishing page.


Lazarus Trojanized DeFi app for delivering malware

We recently discovered a Trojanized DeFi application that was compiled in November 2021. This application contains a legitimate program called DeFi Wallet that saves and manages a cryptocurrency wallet, but also implants a full-featured backdoor.


Conti-nuation: methods and techniques observed in operations post the leaks

This post describes the methods and techniques we observed during recent incidents that took place after the Conti data leaks.

QNAP warns severe OpenSSL bug affects most of its NAS devices

Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago.


"VMware Spring Cloud" Java bug gives instant remote code execution - update now!

Easy unauthenticated remote code execution - PoC code already out


Security updates for Thursday

Security updates have been issued by Debian (libgc and pjproject), Fedora (cobbler, mingw-openjpeg2, and openjpeg2), Mageia (openvpn), openSUSE (abcm2ps, fish3, icingaweb2, kernel-firmware, nextcloud, openSUSE-build-key, python2-numpy, salt, and zlib), Slackware (vim), SUSE (kernel-firmware, opensc, python2-numpy, python3, salt, and zlib), and Ubuntu (dosbox, linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.13, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux, linux-aws, [...]


The Old Switcheroo: Hiding Code on Rockwell Automation PLCs

CVE-2022-1161 affects numerous versions of Rockwell's Logix Controllers and has a CVSS score of 10, the highest criticality. CVE-2022-1159 affects several versions of its Studio 5000 Logix Designer application, and has a CVSS score of 7.7, high severity.


WordPress Plugin "Advanced Custom Fields" vulnerable to missing authorization


Anti Spam by CleanTalk - Moderately critical - SQL Injection - SA-CONTRIB-2022-032


Security Bulletin: IBM Db2 Web Query for i is vulnerable to denial of service in Apache Commons Compress (CVE-2021-36090), arbitrary code execution in Apache Log4j (CVE-2021-44832), and cross-site scripting in TIBCO WebFOCUS (CVE-2021-35493)


Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in NumPy


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional


Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in XStream


Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind


Security Bulletin: IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to HTTP request smuggling due to Netty (CVE-2021-43797)


Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in TensorFlow


Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go


Security Bulletin: IBM QRadar Network Security is affected by Wget vulnerability (CVE-2021-31879)


Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Spring


Security Bulletin: IBM Security Verify Access is vulnerable to obtaining sensitive information due to improper validation of JWT tokens.


CVE-2022-0778 Impact of the OpenSSL Infinite Loop Vulnerability CVE-2022-0778 (Severity: HIGH)