Shielding Your Systems from Software Security Vulnerabilities

Blog | Topics: Cybersecurity

March 4, 2025

4 min read

Previous Next
Home Blog Cybersecurity Shielding Your Systems from Software Security Vulnerabilities
A combination of expertise and collaboration can safeguard your software and protect your IT estate from cyber threats. 

Welcome to the March Origina Software Security Update. 

This month, learn how we addressed over 140 software security vulnerabilities for a single customer. Plus, review the latest list of common vulnerabilities and exposures (CVEs) and read how cyberattacks are impacting the telecommunications industry. 

  

Origina Remediates Over 140 Software Security Vulnerabilities 

A biotech company reached out to Origina after a security scan uncovered multiple vulnerabilities in their IBM© Cognos Analytics application. With no entitlements available and 144 CVEs to address, the scope of work was vast and required careful prioritization. 

Over four months, our team identified, mitigated, and resolved numerous security issues, ensuring the customer’s confidence in their application’s resilience. 

By November 2024, Origina had proposed solutions for nearly all of the vulnerabilities, and in February, we completed final stages of briefing stakeholders, validating Java-specific vulnerabilities, and ensuring all mitigations were viable. The customer’s security team conducted a final review, and Origina offered ongoing support. 

Results and Impact 

Through a detailed analysis and clear communication, Origina: 

  • Delivered over 100 actionable mitigations 
  • Eliminated false positives to streamline the customer’s focus 
  • Empowered the customer’s security team with clear documentation and guidance

This incident exemplifies the power of collaboration and expertise. By working closely with the customer and utilizing advanced tools like our Vulnerability Advisory Portal, we ensured their Cognos Analytics application achieved optimal security. 

 

Recent Security Alerts 

Here are links to the latest and updated software security vulnerabilities available through the Origina Vulnerability Advisory Portal. 

Our service delivers up-to-date threat intelligence and mitigation strategies for vulnerabilities, regardless of the product version or third-party components involved.  

Key benefits include: 

  • Protecting your software investments 
  • Extending the lifespan of your software 
  • Maximizing value  

The Vulnerability Advisory Portal is a vital resource, offering unlimited access to proactive mitigation advisories, even when OEM patches or fixes are unavailable. You’ll also find hardening guides and publications with regularly updated information on secure configurations and regulations. 

Ask Origina how we can assist with new functionalities, policy compliance, or regulatory needs — from MFA integration to advanced cryptographic implementation. 

Common Vulnerabilities and Exposures (CVE) ID
(Click on ID to open in Origina VA Portal)
Security Alert
Common Vulnerability Scoring System (CVSS) Score
Affected Versions
CVE-2023-42282 – IBM Db2 on Cloud Pak for Data
IBM Db2® on Cloud Pak for Data is affected by a server-side request forgery vulnerability
9.8
IBM Db2 on Cloud Pak for Data versions 3.5 through 4.6.1 
CVE-2019-4589 – IBM Cognos Analytics
IBM Cognos Analytics is affected by a privilege escalation vulnerability.
4.3
IBM Cognos Analytics 11.0 and 11.1
CVE-2024-37087 – VMware vCenter
VMware vCenter is affected by a denial-of-service vulnerability.
5.3
VMware ESXi 7.0, 8.0
CVE-2024-37086 – VMware ESXi
VMware ESXi is affected by an out-of-bounds read vulnerability.
6.8
VMware ESXi 7.0, 8.0
CVE-2024-22275 – VMware vCenter
vCenter Server is affected by a partial file read vulnerability.
4.9
vCenter Server 7.0, 8.0
CVE-2024-22274 – VMware vCenter
vCenter Server is affected by an authenticated remote code execution vulnerability.
7.2
vCenter Server 7.0, 8.0 
CVE-2024-22273 – VMware vCenter
VMware ESXi is affected by an out-of-bounds read/write vulnerability.
7.2
VMware ESXi 7.0, 8.0
CVE-2024-20952 – IBM Db2
IBM Db2 is affected by a RCE vulnerability.
7.4
IBM Db2 versions 11.5, 11.1, and 10.5  
CVE-2024-45072 – IBM WebSphere Application Server
IBM WebSphere Application Server is affected by a XML External Entity Injection (XXE) vulnerability.
5.1
IBM WebSphere Application Server versions 8.5 and 9.0 

Telecommunications Providers Under Attack 

Telecommunications providers are vital to our everyday lives. From digital infrastructure to business operations to emergency response, their organizations move a tremendous amount of information through their networks.    

And that is precisely why they are being targeted.  

Numerous technologies can be components of telecommunications backbone core systems.  A compromise or failure of this technology could result in the inability for telecommunication provider’s customers to make and receive calls and/or use data services. This can not only impact civilians but also the effectiveness of emergency service operations. It can also result in the loss of a user’s personal data, which can then be used in subsequent attacks.  

Targeting Increases  

Critical telecommunications providers are being attacked by foreign nations for disruption and data extraction to be used in influence operations, such as disrupting governmental elections, and by organized crime groups who typically engage in ransomware operations for monetary gains.   

The number of physical strikes on telecommunications infrastructure is also increasing. Sub-sea cables have been dragged and cut by nefarious unregistered vessels known as shadow fleets. Surveying this infrastructure by foreign nations for future attacks has also increased over the past few years.  

Here’s an example:

Chinese-Linked APT Group Salt Typhoon Targets Global Telecom Networks -The PRC Government Denied Involvement   

A recent report by Recorded Future’s Insikt Group highlighted that the Chinese-linked APT group Salt Typhoon (aka FamousSparrow/GhostEmperor) continues targeting telecommunications providers worldwide. The group has exploited unpatched Cisco IOS XE devices, compromising additional U.S. telecom firms.    

  • Exploited Cisco Vulnerabilities. Salt Typhoon leveraged two vulnerabilities: 1) CVE-2023-20198 (CVSS 10), which allows attackers to gain admin access remotely and 2) CVE-2023-20273, which was used alongside CVE-2023-20198 to achieve root access and implant malware.  
  • Global impact and targeted networks: Telecom providers in the U.S., U.K., Italy, South Africa, and Thailand were breached. 
  • Over 12,000 Cisco devices had exposed Web UIs; more than 1,000 were attacked.  
  • Mytel (Myanmar) was also targeted for reconnaissance. 
  • Salt Typhoon’s Tactics: Uses Generic Routing Encapsulation (GRE) tunnels for persistence, evasion, and data exfiltration. Expanding Reach in the U.S. 
  • The Wall Street Journal reported more U.S. telecoms were compromised, including Charter Communications and Windstream. 
  • By December 2024, the White House confirmed a ninth U.S. telecom was breached. 
  • AT&T and Verizon secured their networks after cyberespionage attempts. 
  • Government and security response: The White House issued new detection guidance. CISA, NSA, FBI, and allied agencies released network hardening recommendations.     

Source and for further reading:  https://go.recordedfuture.com/hubfs/reports/cta-cn-2025-0213.pdf .  

Security is at the heart of everything we do. Our focus goes beyond addressing individual risks and vulnerabilities. If you’re facing a security, risk, or regulatory challenge and need expert guidance, we’re here to help. Reach out to your Customer Success Manager or submit a request through the Origina Self-Service Portal. 

Learn ways to minimize your cyber threats. Get the guide.

 

Securing your software estate--Is your software estate at risk?

FOR THE LATEST TECHNOLOGY TIPS SUBSCRIBE TO OUR NEWSLETTER - THE UPTIME

Gain insight into industry-only news, access to webinars, tips and tricks, blog posts, podcasts, and guides, surrounding topics like cybersecurity, reducing software support and maintenance costs and much more, all delivered to your inbox each month.

LEARN MORE