Rewterz

June 10, 2024
Multiple IBM Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-22326 CVSS:5

IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection.

CVE-2023-45192 CVSS:8.2

IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

CVE-2022-35718 CVSS:3.7

IBM Sterling Partner Engagement Manager 6.2.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.

Impact

  • Security Bypass
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2024-22326
  • CVE-2023-45192
  • CVE-2022-35718

Affected Vendors

IBM

Affected Products

  • IBM DS8900F 89.30.68.0
  • IBM DS8900F 89.32.40.0
  • IBM DS8900F 89.33.48.0
  • IBM DS8900F 89.22.19.0
  • IBM DS8900F 89.40.83.0
  • IBM DS8900F 89.40.93.0
  • IBM Engineering Requirements Management DOORS Next 7.0.2
  • IBM Engineering Requirements Management DOORS Next 7.0.3
  • IBM Sterling Partner Engagement Manager 6.2.3

Remediation

Refer to the IBM Security Advisory for each CVE for patch, upgrade, or suggested workaround information.

CVE-2024-22326

CVE-2023-45192

CVE-2022-35718
