Overview Recently, NSFOCUS CERT found that IBM officially fixed a remote code execution vulnerability in WebSphere Application Server (CVE-2023-23477). Due to the flaw in WebSphere Application Server's validation of the data entered by users, under certain conditions, unauthenticated remote attackers can finally execute arbitrary code on the target server by...
Category: Blog
Protecting IoT Ecology and Building a Secure Future for Smart Cities
Smart city is a multi-disciplinary, multi-field, highly integrated large-scale system. One of the core components of the intelligent system of smart city is the Internet of Things (IoT), which drives the technologies that enable the perception of, as well as interaction and coordination with the physical world by the digital...
NSFOCUS Optimized Emergency Response for Network Security Incidents and Vulnerabilities
At the beginning of 2023, NSFOCUS started an internal review and optimization of its Emergency Response Process for Network Security Incidents and Vulnerabilities. This policy is used to guide the implementations and operations of emergency response to ensure the controllability of quality and progress, as well as the rapidity of...
Jira Service Management Server and Data Center Authentication Bypass Vulnerability (CVE-2023-22501) Notice
Overview Recently, NSFOCUS CERT found that Atlassian officially fixed a Jira Service Management Server and Data Center authentication bypass vulnerability (CVE-2023-22501). When write access to user directories and outgoing emails is enabled on a Jira Service Management instance, an unauthenticated remote attacker can gain access to Jira Service Management by...
F5 BIG-IP iControl SOAP Remote Code Execution Vulnerability (CVE-2023-22374) Alert
Overview Recently, NSFOCUS CERT found that the technical details of the F5 BIG-IP arbitrary code execution vulnerability (CVE-2023-22374) were publicly disclosed online. Due to the format string vulnerability in BIG-IP iControl SOAP, a remote attacker with administrator authority can access the iControl SOAP interface through the BIG-IP management port or...
QNAP QTS and QuTS hero SQL Injection Vulnerability (CVE-2022-27596) Notice
Overview On January 31, 2023, NSFOCUS CERT detected that QNAP officially released a QNAP QTS and QuTS hero SQL injection vulnerability (CVE-2022-27596) notice. Due to the flaws in QNAP QTS and QuTS hero, unauthenticated remote attackers can use this vulnerability to inject malicious code on QNAP NAS devices, and ultimately...
