CERT-In issues threat alerts for Google Chrome, GitLab, and Zoho ManageEngine ADAudit Plus

The Indian Computer Emergency Response Team (CERT-In) on Wednesday issued vulnerability alerts for Google Chrome, GitLab, and Zoho ManageEngine ADAudit Plus

Nabeel Ahmed
July 07, 2022 17:02 IST

ADVERTISEMENT

CERT-In issues threat alerts for Google Chrome, GitLab, and Zoho ManageEngine ADAudit Plus | Photo Credit: Getty Images

The threat alerts noted multiple vulnerabilities in Chrome and GitLab and remote code execution vulnerability in Zoho ManageEngine ADAudit Plus prior to 7060.

ADVERTISEMENT

(Sign up to our Technology newsletter, Today’s Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)

Google chrome

Multiple vulnerabilities were reported in Google Chrome allowing remote attackers to execute arbitrary code and denial of service in the targeted systems.

These vulnerabilities, as reported by Cert-In, can exploit the system by sending specially crafted requests on the targeted system. Their successful execution can allow attackers to execute arbitrary code and is being used in the wild. The organisation, on its website also shared that, users are urgently requested to apply available security patches to avoid risk of exploitation.

ADVERTISEMENT

GitLab

The vulnerability note for GitLab, rated high by the organisation, stated that versions prior to GitLab versions prior to 15.1.1, 15.0.4, and 14.10.5 for GitLab Community Edition (CE) and Enterprise Edition (EE) have been affected.

These vulnerabilities according to Cert-In can allow an attacker to execute codes, perform cross site scripting and disclose sensitive information. These vulnerabilities can also bypass security restrictions and cause denial of service on the targeted systems.

The vulnerability report said that application of appropriate updates as mentioned in GitLab security release can be used to secure vulnerable systems.

Zoho ManageEngine ADAudit Plus prior to 7060

The vulnerability notes for Zoho, rated high, stated that a remote code execution can be exploited by an unauthenticated remote attacker to execute arbitrary code on targeted systems.

The vulnerability that exists in Zoho ManageEngine ADAudit Plus is due to a misconfigured XML parser that processes user-supplied input without sufficient validation. The vulnerability code, however, stated that upgrading Zoho ManageEngine ADAudit Plus to the latest build would be enough to plug the security gap.

This is a Premium article available exclusively to our subscribers. To read 250+ such premium articles every month
You have exhausted your free article limit.
Please support quality journalism.
You have exhausted your free article limit.
Please support quality journalism.
The Hindu operates by it's editorial values to provide you quality journalism.
This is your last free article.

ADVERTISEMENT

Leave your comments and read more on The Hindu News app