- Drupal Releases Security Update to Address a Vulnerability in Apigee Edge
- Cisco Releases Security Advisories for Multiple Products
- VMware Releases Security Update for VMware vRealize Operations
Drupal released a security update to address a vulnerability affecting the Apigee Edge module for Drupal 9.x.
The Apigee Edge module allows connecting a Drupal site to Apigee X / Edge in order to build a developer portal.
Previous module versions did not support entity query level access checking, which could have led to information disclosure or access bypass in various places.
An attacker could exploit this vulnerability to bypass access authorization or disclose sensitive information.
We encourage users and administrators to review Drupal’s security advisory SA-CONTRIB- 2023-005 and apply the necessary update.
Apigee Edge – Moderately critical – Access bypass – SA-CONTRIB-2023-005:
Drupal Releases Security Update to Address a Vulnerability in Apigee Edge
Cisco released security updates for vulnerabilities affecting multiple products.
Cisco has identified multiple vulnerabilities in its products that might offer an exploitation method for attackers.
A remote attacker could exploit these vulnerabilities to take control of an affected system.
We encourage users and administrators to review the Cisco Security Advisories page and apply the necessary updates.
Cisco Security Advisories:
Cisco Releases Security Advisories for Multiple Products CISA Advisory:
VMware released a security update that addresses a cross-site request forgery bypass vulnerability affecting VMware vRealize Operations
vRealize Operations (vROps) contains a CSRF bypass vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.5.
A malicious user could execute actions on the platform on behalf of the authenticated victim user.
We encourage users and administrators to review VMware Security Advisory VMSA-2023-0002 and apply the necessary updates.
VMware Releases Security Update for VMware vRealize Operations: