好的,我现在需要帮用户总结一篇文章的内容,控制在100个字以内。用户已经提供了文章内容,看起来是关于最近发现的多个企业软件漏洞的情况。 首先,我需要通读文章,抓住主要信息。文章提到Oracle、OpenStack、SAP、Salesforce和ServiceNow等高知名度企业产品存在漏洞,需要安全团队关注。Cyble的研究人员在最近一周追踪了1031个漏洞,其中近200个已经有公开的概念验证(PoC),这大大增加了实际攻击的可能性。 接下来,文章详细列出了几个关键漏洞,比如CVE-2026-21969(Oracle)、CVE-2026-22797(OpenStack)、CVE-2026-0501(SAP)、CVE-2026-22584(Salesforce)和CVE-2025-69258(Trend Micro)。这些漏洞的严重程度都很高,有的甚至达到了9.8或9.9的CVSS评分。 此外,文章还提到了一些被CISA加入已知被利用漏洞目录的漏洞,以及开源社区讨论的一些问题。例如,Fortinet FortiSIEM的CVE-2025-64155和ServiceNow的CVE-2025-12420。这些漏洞可能被用于暗网上的攻击活动。 最后,结论部分强调了安全团队需要迅速行动修补关键漏洞,并建议实施基于风险的漏洞管理计划和其他网络安全最佳实践。 现在,我需要将这些信息浓缩到100字以内。重点包括:主要受影响的企业软件、漏洞数量及PoC情况、几个关键漏洞及其影响、以及安全建议。 可能的结构是:提到高知名度企业软件存在严重漏洞,数量和PoC情况,列举几个关键漏洞及其影响,并指出安全团队需迅速行动修补。 这样总结下来应该符合用户的要求。 </think> 近期报告指出多个高知名度企业软件如Oracle、OpenStack、SAP、Salesforce和ServiceNow存在严重漏洞。研究人员追踪到1,031个新漏洞,其中近200个已有公开概念验证(PoC),显著增加了实际攻击风险。部分关键漏洞包括Oracle Agile Product Lifecycle Management中的远程接管风险、OpenStack的身份验证绕过问题以及SAP S/4HANA中的SQL注入风险等。安全团队需迅速行动修补这些高危漏洞以降低风险。 2026-1-28 10:31:8 Author: cyble.com(查看原文) 阅读量:4 收藏
Oracle, OpenStack, SAP, Salesforce and ServiceNow are among the high-profile enterprise products with vulnerabilities in need of attention by security teams.
Cyble Vulnerability Intelligence researchers tracked 1,031 vulnerabilities in the last week, and nearly 200 already have a publicly available Proof-of-Concept (PoC), significantly increasing the likelihood of real-world attacks on those vulnerabilities.
A total of 72 vulnerabilities were rated as critical under the CVSS v3.1 scoring system, while 33 received a critical severity rating based on the newer CVSS v4.0 scoring system.
Below are some of the vulnerabilities flagged by Cyble threat intelligence researchers for prioritization by security teams in recent reports to clients.
The Week’s Top IT Vulnerabilities
CVE-2026-21969 is a 9.8-severity vulnerability in Oracle Agile Product Lifecycle Management for Process, specifically in the Supplier Portal component of Oracle Supply Chain. The flaw could enable unauthenticated remote attackers to achieve full system takeover via HTTP without needing credentials or user interaction.
CVE-2026-22797 is a 9.9-rated authentication bypass vulnerability in the OpenStack keystonemiddleware’s external_oauth2_token component. An authenticated attacker could escalate privileges or impersonate other users by sending forged identity headers such as X-Is-Admin-Project, X-Roles, or X-User-Id.
CVE-2026-0501 is a 9.9-severity SQL injection vulnerability in SAP S/4HANA Private Cloud and On-Premise, specifically the Financials General Ledger module, that could allow an authenticated attacker with low privileges to craft SQL queries, potentially enabling them to read sensitive financial data, modify records, or delete backend database content.
CVE-2026-22584 is an 8.5-rated code injection vulnerability in Salesforce’s Uni2TS library, affecting MacOS, Windows, and Linux systems, that could allow attackers to leverage executable code in non-executable files.
CVE-2025-69258 is a 9.8-rated unauthenticated remote code execution (RCE) vulnerability in Trend Micro Apex Central. The flaw could allow an unauthenticated, remote attacker to load an attacker-controlled DLL into a key executable, resulting in the execution of attacker-supplied code under the SYSTEM context on affected installations.
Among the vulnerabilities added to CISA’s Known Exploited Vulnerabilities (KEV) catalog were CVE-2024-37079, a 9.8-severity Broadcom VMware vCenter Server out-of-bounds write vulnerability, CVE-2026-21509, a 7.8-rated Microsoft Office Security Feature Bypass vulnerability, and CVE-2025-34026, a 9.2-rated Versa Concerto improper authentication vulnerability in the Traefik reverse proxy configuration that could potentially allow an attacker to access administrative endpoints.
Notable vulnerabilities discussed in open-source communities included CVE-2025-64155, a critical OS command injection vulnerability in Fortinet FortiSIEM, affecting Super and Worker nodes. An unauthenticated remote attacker could exploit the phMonitor service via crafted requests to execute arbitrary commands, potentially enabling full system compromise, including root access through file overwrites and privilege escalation. Cyble has also observed the vulnerability discussed by threat actors on dark web cybercrime forums.
Another vulnerability getting attention in open-source communities is CVE-2025-12420, dubbed ‘BodySnatcher’, a critical privilege escalation vulnerability in ServiceNow’s AI Platform, specifically involving the Virtual Agent API and Now Assist AI Agents. It could allow unauthenticated remote attackers to impersonate any ServiceNow user, including administrators, by leveraging a hardcoded authentication secret and email-based identity linking, leading to arbitrary actions, such as creating backdoor admin accounts.
Vulnerabilities Under Discussion on the Dark Web
In addition to CVE-2025-64155, Cyble dark web researchers observed threat actors discussing several other vulnerabilities on dark web and cybercrime forums. They include:
CVE-2026-23745, a high-severity directory traversal vulnerability in the node-tar library (versions ≤ 7.5.2) for Node.js. The vulnerability stems from improper sanitization of the linkpath in hardlink and symbolic link entries when preservePaths is set to false, which is the default secure behavior. An attacker could exploit this flaw by crafting malicious tar archives to bypass extraction root restrictions, achieving arbitrary file overwrite via hardlinks and symlink poisoning attacks. In CI/CD environments or automated pipelines, successful exploitation could result in remote code execution by overwriting configuration files, scripts, or binaries, though npm remains unaffected because it filters out Link and SymbolicLink tar entries.
CVE-2026-22812, a high-severity vulnerability in OpenCode, an open-source AI coding agent, affecting versions prior to 1.0.216. The flaw involves multiple weaknesses, including missing authentication for critical functions, exposed dangerous methods, and permissive cross-domain security policies. OpenCode automatically starts an unauthenticated HTTP server that allows any local process or any website via permissive CORS to execute arbitrary shell commands with the user’s privileges. After successful exploitation requiring user interaction, such as visiting a malicious website, attackers could gain complete compromise of confidentiality, integrity, and availability, with high impact across all three security dimensions.
A threat actor shared a high-severity exploit chain targeting Apple’s WebKit engine on iOS versions before iOS 26. The chain links CVE-2025-43529, a use-after-free flaw, with CVE-2025-14174, a memory corruption issue in the ANGLE Metal renderer. By delivering malicious web content, attackers first achieve code execution within the browser sandbox and then leverage the memory corruption to bypass platform security. Upon successful exploitation via a malicious webpage, attackers can install sophisticated spyware to monitor location, intercept messages, and access the device’s camera and microphone.
Conclusion
The number of vulnerabilities affecting high-profile enterprise environments highlights the constant pressure facing security teams, who must respond with rapid, well-targeted actions to patch the most critical vulnerabilities and successfully defend IT and critical infrastructure. A risk-based vulnerability management program should be at the heart of those defensive efforts.
Other cybersecurity best practices that can help guard against a wide range of threats include segmentation of critical assets; removing or protecting web-facing assets; Zero-Trust access principles; ransomware-resistant backups; hardened endpoints, infrastructure, and configurations; network, endpoint, and cloud monitoring; and well-rehearsed incident response plans.
Cyble’s comprehensive attack surface management solutions can help by scanning network and cloud assets for exposures and prioritizing fixes, in addition to monitoring for leaked credentials and other early warning signs of major cyberattacks.
如有侵权请联系:admin#unsafe.sh