VMware Releases Security Update for VeloCloud

VMware has released a security update to address a vulnerability in VeloCloud. An attacker could exploit this vulnerability to obtain sensitive information.

Impacted Products

VMware SD-WAN by VeloCloud (VeloCloud)

Advisory Details

The VeloCloud Orchestrator does not correctly validate input, which allows blind SQL injection. VMware has evaluated the severity of this issue to be in the Important severity range, with a maximum CVSSv3 base score of 8.5.

Known Attack Vectors

A malicious actor with tenant access to VeloCloud Orchestrator could enter specially crafted SQL queries and obtain data that they are not privileged to access.

Resolution

To remediate CVE-2020-3973, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' in the Security Advisory linked below.

This advisory is available at: https://my.vmware.com/web/vmware/downloads/info/slug/networking_security/vmware_sd_wan/3_4_1.
