Open Nav
Sign Up

Urgent Alert: Critical Vulnerabilities in Citrix, VMware, and Atlassian Products

Bar Refael

January 17, 2024

Citrix, VMware, and Atlassian have reported critical security vulnerabilities in several of their products, some of which are currently being exploited in the wild. This advisory is issued to inform and guide our clients on these vulnerabilities and the essential steps required for mitigation. It highlights the urgent need to apply patches and review security measures, aiming to provide a clear understanding of the associated risks and the necessary actions for effective mitigation. Our focus is to ensure our clients are well-informed and prepared to address these vulnerabilities promptly.

Citrix NetScaler ADC and Gateway Vulnerabilities:

  • CVE-2023-6548 (CVSS: 5.5): Permits low-privileged remote code execution.
  • CVE-2023-6549 (CVSS: 8.2): Leads to denial-of-service under certain configurations.
  • Affected Versions: NetScaler ADC and Gateway versions 14.1, 13.1, 13.0, and 12.1 (including FIPS and NDcPP).

Mitigation: Upgrade to the patched versions and avoid exposing management interfaces to the internet.

VMware Aria Automation Flaw:

  • CVE-2023-34063 (CVSS: 9.9): A critical missing access control flaw.
  • Affected Versions: VMware Aria Automation (8.11.x to 8.14.x) and VMware Cloud Foundation (4.x and 5.x).

Mitigation: Directly upgrade to VMware version 8.16 post-patch application.

Atlassian Confluence RCE Bug:

  • CVE-2023-22527 (CVSS: 10.0): Template injection vulnerability causing remote code execution.
  • Affected Versions: Confluence Data Center and Server versions 8.0.x to 8.5.3 (Note: 7.19.x LTS versions are not impacted).

Mitigation: Update to the latest patched versions immediately.

Impact Assessment and Risk Analysis:

Each vulnerability presents unique risks that could lead to unauthorized access, data breaches, or service disruptions. Immediate patch application is critical.

OP Innovate’s Advisory:

  • Immediate Action: Apply all relevant patches without delay.
  • Review Security Posture: Regularly assess your organization’s security measures.
  • Stay Informed: OP Innovate will continue to provide updates on these and other cybersecurity threats.

FAQ Section:

Q1: Are these vulnerabilities currently being exploited?

  • A: Yes, some of these vulnerabilities, especially in Citrix products, are actively being exploited.

Q2: What if my organization cannot immediately apply these patches?

  • A: Implement temporary mitigations if possible, like restricting access to the management interfaces for Citrix products and limiting user privileges in VMware and Atlassian environments.

Q3: How do I know if my system is compromised?

  • A: Look for indicators of compromise such as unusual system or network activity and unauthorized administrative actions.

Conclusion and Call-to-Action:

The discovery of these vulnerabilities underscores the urgent need for vigilant cybersecurity practices. We urge all affected users to apply the recommended patches and review their security protocols. OP Innovate is dedicated to assisting our clients in navigating these challenges and ensuring the integrity of their digital assets.

Stay Safe and Secure,
OP Innovate Cybersecurity Team

Resources highlights

CVE-2025-41244: Chinese Threat Actors Actively Exploiting VMware Tools & Aria Vulnerability

CVE-2025-41244 (CVSS 7.8) is a local privilege escalation vulnerability in VMware Tools and VMware Aria Operations when the Service Discovery Management Pack (SDMP) is enabled.…

Read more >

CVE-2025-41244

CVE-2025-32463: Critical Sudo Privilege Escalation

CVE-2025-32463 is a critical local privilege escalation in the ubiquitous sudo utility. The bug allows a local user to escalate to root by abusing sudo’s…

Read more >

CVE-2025-32463

Cisco IOS and IOS XE SNMP Zero-Day Actively Exploited (CVE-2025-20352)

Cisco disclosed CVE-2025-20352, a stack overflow in the SNMP subsystem of IOS and IOS XE, now confirmed as actively exploited in the wild. Attackers can…

Read more >

CVE-2025-20352

SolarWinds Web Help Desk (WHD) Unauthenticated RCE Patch-Bypass (CVE-2025-26399)

SolarWinds released Web Help Desk 12.8.7 Hotfix 1 to fix CVE-2025-26399, an unauthenticated remote code execution flaw in the AjaxProxy component caused by unsafe deserialization.…

Read more >

CVE-2025-26399

SonicWall Cloud Backup Compromise & Ongoing SSLVPN Exploitation

Threat actors gained access to MySonicWall cloud backup preference files after brute-forcing the vendor’s portal. These files, although encrypted, contain sensitive configuration data such as…

Read more >

sonicwall cloud

Ongoing Supply-Chain Attack Targeting npm Packages (aka “Shai-Hulud”)

Beginning on September 14, 2025, and accelerating over the next two days, attackers launched a large-scale supply-chain attack against the npm ecosystem. The campaign injected…

Read more >

Shai-Hulud
Under Cyber Attack?

Fill out the form and we will contact you immediately.