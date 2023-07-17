Zimbra and Cisco have reported on critical security vulnerabilities impacting their respective products, reports The Hacker News.
Threat actors could leverage the cross-site scripting flaw in Zimbra Collaboration Suite Version 8.8.15 to facilitate data compromise, according to Zimbra, which has already addressed the flaw via input sanitization but urged users to manually fix the bug amid the imminent arrival of a patch.
Attacks exploiting the flaw have been noted by Google Threat Analysis Group researcher Maddie Stone.
On the other hand, Cisco has already patched the critical SD-WAN vManage software flaw, tracked as CVE-2023-20214, which could be abused to provide read and write permissions to later enable information retrieval efforts.
"A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance," said Cisco, which emphasized that there has been no evidence suggesting any active exploitation of the addressed vulnerability.
The Cloud Native Computing Foundation has declared that Istio, an open-source service mesh that was originally created by Google and IBM, is now a top-level project at the organization beside Kubernetes and other cloud-native technologies, Cloud Native Now reports.
Cisco announced that the latest version of its Secure Network Analytics software has significantly increased the tools scale and performance, enabling processing speeds of 3 million flows per second, according to Network World.
Cloud network management software provider Auvik announced the launch of Auvik SaaS Management, a new software-as-a-service tool that the company says can help enterprises identify and mitigate previously undetected security and cost impacts of SaaS sprawl,SiliconANGLE reports.