Critical vulnerability in a third party library module
A vulnerability in the third-party HTMLAWED module for GLPI through 10.0.2 allows PHP code injection.
Common Vulnerabilities and Exposures
Background
GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. A remote unauthenticated attacker could exploit this vulnerability (CVE-2022-35914) by sending a crafted request to the target server. Successful exploitation could result in arbitrary code execution in the security context of the web server process, which could impact the confidentiality, integrity and availability of the system.
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
September 14, 2022: GLPI releases version 10.0.3 with a fix. https://glpi-project.org/fr/glpi-10-0-3-disponible/
March 07, 2023: CISA adds CVE-2022-35914 to its Known Exploited Vulnerabilities catalog.
March 13, 2023: FortiGuard Labs is seeing active attempts to exploit CVE-2022-35914 and recommends that admins update GLPI to version 10.0.3 or above.
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- IPS
- Application Firewall
- Outbreak Detection
- Threat Hunting
- Assisted Response Services
- Automated Response
- InfoSec Services
- Attack Surface Monitoring (Inside & Outside)
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.