CERT-In issues threat alerts for Google Chrome, GitLab, and Zoho ManageEngine ADAudit Plus

The Indian Computer Emergency Response Team (CERT-In) on Wednesday issued vulnerability alerts for Google Chrome, GitLab, and Zoho ManageEngine ADAudit Plus

July 07, 2022 05:02 pm | Updated 05:02 pm IST

CERT-In issues threat alerts for Google Chrome, GitLab, and Zoho ManageEngine ADAudit Plus

CERT-In issues threat alerts for Google Chrome, GitLab, and Zoho ManageEngine ADAudit Plus | Photo Credit: Getty Images

The threat alerts noted multiple vulnerabilities in Chrome and GitLab and remote code execution vulnerability in Zoho ManageEngine ADAudit Plus prior to 7060.

(Sign up to our Technology newsletter, Today’s Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)

Google chrome

Multiple vulnerabilities were reported in Google Chrome allowing remote attackers to execute arbitrary code and denial of service in the targeted systems.

These vulnerabilities, as reported by Cert-In, can exploit the system by sending specially crafted requests on the targeted system. Their successful execution can allow attackers to execute arbitrary code and is being used in the wild. The organisation, on its website also shared that, users are urgently requested to apply available security patches to avoid risk of exploitation.

GitLab

The vulnerability note for GitLab, rated high by the organisation, stated that versions prior to GitLab versions prior to 15.1.1, 15.0.4, and 14.10.5 for GitLab Community Edition (CE) and Enterprise Edition (EE) have been affected.

These vulnerabilities according to Cert-In can allow an attacker to execute codes, perform cross site scripting and disclose sensitive information. These vulnerabilities can also bypass security restrictions and cause denial of service on the targeted systems.

The vulnerability report said that application of appropriate updates as mentioned in GitLab security release can be used to secure vulnerable systems.

Zoho ManageEngine ADAudit Plus prior to 7060

The vulnerability notes for Zoho, rated high, stated that a remote code execution can be exploited by an unauthenticated remote attacker to execute arbitrary code on targeted systems.

The vulnerability that exists in Zoho ManageEngine ADAudit Plus is due to a misconfigured XML parser that processes user-supplied input without sufficient validation. The vulnerability code, however, stated that upgrading Zoho ManageEngine ADAudit Plus to the latest build would be enough to plug the security gap.

Top News Today

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.