IKT Asset
AISicherheitVulnerabilitätenIBMFortinetCISA

Security Alerts: Vulnerabilities in IBM WebSphere and Fortinet Devices

Current security alerts concern critical vulnerabilities in IBM WebSphere Application Server and Fortinet devices, requiring immediate action.

Security Alerts: Vulnerabilities in IBM WebSphere and Fortinet Devices

IBM WebSphere Application Server

An attacker can exploit multiple vulnerabilities in the IBM WebSphere Application Server to bypass security measures and execute code. Details can be found in the CERT-Bund Advisory.

Fortinet Devices

CISA has urged users of Fortinet devices to harden their systems following reports of credential exposure. This activity, referred to as FortiBleed, affects approximately 74,000 devices, including firewalls and VPN gateways.

CISA Recommendations:

  • Terminate sessions and reset credentials: End all active SSL VPN and administrative sessions and reset passwords.
  • Secure credential storage: Confirm the use of the PBKDF2 algorithm for storing administrator credentials.
  • Review logs: Check logs for unusual access and suspicious accounts.
  • Enable phishing-resistant MFA: Require multifactor authentication for all external access.
  • Reduce attack surface: Ensure firewall management is not accessible from the public internet.

AzeoTech DAQFactory

Another security issue affects AzeoTech DAQFactory, where a type confusion vulnerability can be exploited to upload malicious .ctl files and execute arbitrary code. Affected versions are DAQFactory <=21.1. More details are available in the CISA Advisory.

Recommended Actions:

  • Avoid using documents from unknown sources.
  • Store .ctl files in folders writable only by admin-level users.
  • Operate in “Safe Mode” when loading documents that are out of your control.

Conclusion

These security alerts highlight the need for proactive measures to secure ICT assets, particularly in light of NIS2 and DORA regulations.