Tageszusammenfassung - 06.05.2022

End-of-Day report

Timeframe: Donnerstag 05-05-2022 18:00 - Freitag 06-05-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer

News

New Raspberry Robin worm uses Windows Installer to drop malware

Red Canary intelligence analysts have discovered a new Windows malware with worm capabilities that spreads using external USB drives.

https://www.bleepingcomputer.com/news/security/new-raspberry-robin-worm-uses-windows-installer-to-drop-malware/

---

Tipps zur Passwortsicherheit am World Password Day

Heute jährt sich der Welt-Passwort-Tag. Was können Sie tun, um sich online bestmöglich zu schützen? Hier finden Sie Tipps und Tricks für den sicheren Umgang mit Ihren Daten!

https://www.watchlist-internet.at/news/tipps-zur-passwortsicherheit-am-world-password-day/

Vulnerabilities

ClamAV 0.105.0, 0.104.3, 0.103.6 released

Today, were also publishing the 0.104.3 and 0.103.6 security patch versions, including several CVE fixes.

https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html

---

Schadcode-Attacken auf Videoüberwachungssystem und NAS von Qnap möglich

Wichtige Sicherheitsupdates schließen mehreren Lücken in Netzwerkprodukten von Qnap.

https://heise.de/-7077449

---

Security updates for Friday

Security updates have been issued by Debian (dpdk, mruby, openjdk-11, and smarty3), Oracle (thunderbird), Red Hat (thunderbird), SUSE (chromium, libvirt, python-Twisted, and tar), and Ubuntu (cron and jbig2dec).

https://lwn.net/Articles/894141/

---

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-affected-but-not-classified-as-vulnerable-by-a-remote-code-execution-in-spring-framework-cve-2022-22965/

---

Security Bulletin: Rational Asset Analyzer is affected by two WebSphere Application Server vulnerabilities (CVE-2018-25031, CVE-2021-46708)

https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-is-affected-by-two-websphere-application-server-vulnerabilities-cve-2018-25031-cve-2021-46708/

---

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to Go CVE-2022-23772

https://www.ibm.com/blogs/psirt/security-bulletin-platform-navigator-and-automation-assets-in-ibm-cloud-pak-for-integration-are-vulnerable-to-denial-of-service-due-to-go-cve-2022-23772/

---

Security Bulletin: TS3000 (TSSC/IMC) is vulnerable to privilege escalation vulnerability due to polkit ( CVE-2021-4034 )

https://www.ibm.com/blogs/psirt/security-bulletin-ts3000-tssc-imc-is-vulnerable-to-privilege-escalation-vulnerability-due-to-polkit-cve-2021-4034/

---

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-assistant-for-ibm-cloud-pak-for-data-is-affected-but-not-classified-as-vulnerable-by-a-remote-code-execution-in-spring-framework-cve-2022-22965/

---

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution with IBM WebSphere Application Server (CVE-2021-23450).

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-arbitrary-code-execution-with-ibm-websphere-application-server-cve-2021-23450/

---

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to Go CVE-2021-44716

https://www.ibm.com/blogs/psirt/security-bulletin-platform-navigator-and-automation-assets-in-ibm-cloud-pak-for-integration-are-vulnerable-to-denial-of-service-due-to-go-cve-2021-44716/

---

Security Bulletin: Rational Asset Analyzer is affected by a WebSphere Application Server vulnerability (CVE-2022-22310).

https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-is-affected-by-a-websphere-application-server-vulnerability-cve-2022-22310/

---

Security Bulletin: A vulnerability in IBM® SDK, Java- may affect Rational Asset Analyzer (CVE-2021-35550)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-sdk-java-may-affect-rational-asset-analyzer-cve-2021-35550/

---

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-vulnerable-to-multiple-vulnerabilities-2/

---

Security Bulletin: Vulnerability CVE-2021-39023 in IBM Guardium Data Encryption (GDE)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2021-39023-in-ibm-guardium-data-encryption-gde/

---

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to remote attack due to Go CVE-2021-44717

https://www.ibm.com/blogs/psirt/security-bulletin-platform-navigator-and-automation-assets-in-ibm-cloud-pak-for-integration-are-vulnerable-to-remote-attack-due-to-go-cve-2021-44717/

---

Security Bulletin: IBM Guardium Data Encryption is vulnerable to missing data encoding issue (CVE-2021-39027)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-guardium-data-encryption-is-vulnerable-to-missing-data-encoding-issue-cve-2021-39027/

---

Security Bulletin: A vulnerability in IBM® SDK, Java- affects Rational Asset Analyzer (CVE-2021-35603)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-sdk-java-affects-rational-asset-analyzer-cve-2021-35603/

---

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to attack under error due to Go CVE-2022-23773

https://www.ibm.com/blogs/psirt/security-bulletin-platform-navigator-and-automation-assets-in-ibm-cloud-pak-for-integration-are-vulnerable-to-attack-under-error-due-to-go-cve-2022-23773/

---

Security Bulletin: API Connect V10 is vulnerable to a remote code execution in Spring Framework (CVE-2022-22965)

https://www.ibm.com/blogs/psirt/security-bulletin-api-connect-v10-is-vulnerable-to-a-remote-code-execution-in-spring-framework-cve-2022-22965/

---

K52379673: Linux kernel vulnerability for CVE-2021-4083

https://support.f5.com/csp/article/K52379673

---

K50899356: file vulnerability CVE-2018-10360

https://support.f5.com/csp/article/K50899356

---

poppler: Schwachstelle ermöglicht Denial of Service

http://www.cert-bund.de/advisoryshort/CB-K22-0545

---

Foxit Reader: Schwachstelle ermöglicht Denial of Service

http://www.cert-bund.de/advisoryshort/CB-K22-0544

---

Johnson Controls Metasys

https://us-cert.cisa.gov/ics/advisories/icsa-22-125-01