“A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests. An attacker who successfully exploited this vulnerability could execute code in the context of the Report Server service account.”
Basefarm rates this at a CVSS Base Score of 9.8 (Critical). Microsoft has released an official fix, which brings the Temporal CVSS Score down to 9.4 (Critical).
We consider that most of our users do not expose Microsoft SQL Server Reporting Services directly to the internet, so the CVSS Environmental Score can be lowered to 7.6 (High).
Per the Basefarm vulnerability process, we still consider this a priority 1 (of 3) issue, and we will not wait for the normal patch window to mitigate it. Internally we are tracking progress in BF-VLN-1990987, registered 2020-02-18.
CVE-2020-0618 | Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability (2020-03-09)
“This flaw allows attackers to remotely execute code on a site with the plugin installed, including the ability to execute code that can inject administrative user accounts. This vulnerability has not yet been patched. We are only trying to get the word out so people can remove the plugin temporarily as the vulnerability is being actively exploited.”
Basefarm rates this at a CVSS Base Score of 9.8 (Critical). There is no fix and the vulnerability is currently being actively exploited.
Basefarm has done some initial investigations regarding the use of this WordPress Theme, but has not identified any customers or internal usage. Basefarm has decided not to track this vulnerability further internally, but wants to make it visible by posting this vulnerability bulletin.
“vRealize Operations for Horizon Adapter uses a JMX RMI service which is not securely configured. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.0.”
“vRealize Operations for Horizon Adapter has an improper trust store configuration leading to authentication bypass. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.6.”
“vRealize Operations for Horizon Adapter contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.”
The issue has been evaluated by our VMware technicians, and Basefarm has concluded that we do not use Horizon Adapter and our systems are therefore not affected by these vulnerabilities.
This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).
“What are the key considerations security decision makers should take into account when designing their 2020 breach protection?” 1,536 cybersecurity professionals have been asked that question and many other security-related questions in Cynet’s “The State of Breach Protection 2020” survey. The survey report gives great insight into the common practices, prioritizations and preferences of organizations today in how they are protecting themselves from breaches.
The State of Breach Protection 2020 (2020-03-09)
“A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account.”
The vulnerability has a CVSS Base score of 9.8, Critical.
Basefarm has triaged this vulnerability and found that we are not using the Cisco Smart Software Manager On-Prem software. Basefarm will not track this vulnerability further.
MAGNET RAM Capture is a free imaging tool designed to capture the physical memory of a suspect’s computer, allowing investigators to recover and analyze valuable artifacts that are often only found in memory.
RedLock Enables Cloud Threat Defense: Threat defense in the cloud requires a new AI-driven approach that correlates disparate security data sets including network traffic, user activities, risky configurations and threat intelligence, to provide a unified view of risks across fragmented cloud environments.
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches, from database fingerprinting and data fetching from the database to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).
This week we have seen multiple cases of one of the harder issues in security, the insider threat. Two former employees of Twitter have been charged with spying on Twitter users for Saudi Arabia, together with a third man with ties to the Saudi royal family. According to court documents they were working together, using Twitter's internal systems to unmask critics of the Kingdom and other users of Twitter. Trend Micro also suffered from an insider attack where an employee accessed and sold customer data to a malevolent third party. Trend Micro started getting suspicious after customers started getting calls from scammers claiming to be from Trend Micro support. The employee was fired after a three-month investigation by Trend Micro, and is now being investigated by law enforcement. You can read more about both cases here.
The Cybersecurity Insiders 2020 Insider Threat Report came out, and found that more than half of the organizations that participated believe that insider threats are harder to follow up in cloud environments, meaning that the trend of offloading to the cloud could increase risk on unexpected levels.
Insider threats are one of the more complex issues in security, with different challenges depending on a lot of factors. Organizations need to focus on what the challenges are for their specific organization, and find preventive measures that work in their environment.
“When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising.”
There are not enough details available yet, but the vulnerability has a CVSS Base score of at least 8.1 (High). The final score depends on how hard it is to exploit, etc.
A proof of concept has been published, but as of writing there is no known public exploitation of this vulnerability.
Basefarm customers will be upgraded as part of normal patching routines.
On December 17, Citrix disclosed a vulnerability in their ADC, Gateway and SD-WAN product lines. Some patches were delivered around January 10, but these patches were not that effective. A proper patch was not released until January 19 to January 24, depending on the appliance and release train.
Unfortunately, the nature of the vulnerability makes it extremely simple to exploit. That, combined with the fact that these appliances are usually directly connected to the Internet, makes this a serious threat to the overall Internet health. Exploit code has been generally available since about January 11, and there are now multiple automated scanners deployed that are targeting unpatched appliances. Once an appliance is compromised, the malware collects config files and potentially SSL certificates and keys. There have also been attempts at using compromised appliances as stepping stones to move further into the infrastructure.
Basefarm recommends that all such appliances are checked and verified OK as soon as possible. FireEye has released a tool to aid in the verification. This tool can be found on GitHub. If a box is believed to be compromised, Basefarm recommends that the appliance is disconnected from the Internet immediately and fully replaced with a freshly installed one, with all necessary patches in place, before the appliance is exposed to the Internet again. All credentials and SSL keys stored on the appliance should be rotated.