近日,奇安信CERT整理了2024年被利用可能性较大的软件列表。由于此类软件用户量大且历史上出现过多次高危漏洞,极有可能在2024年攻防演练期间被利用,建议受影响用户尽快参考最新版软件更新页面,将软件升级到最新版本:
序号 |
软件名称 |
目前最新版本 |
最后更新时间 |
1 |
Apache Hadoop |
V3.4.0 |
2024-03-17 |
软件更新页面:https://hadoop.apache.org/releases.html |
|||
2 |
Apache Log4j2 |
V2.23.1 |
2024-03-06 |
软件更新页面:https://logging.apache.org/log4j/2.x/download.html |
|||
3 |
Apache RocketMQ |
V5.2.0 |
2024-02-19 |
软件更新页面:https://rocketmq.apache.org/download/ |
|||
4 |
Apache Spark UI |
V3.5.1 |
2024-02-23 |
软件更新页面:https://spark.apache.org/downloads.html |
|||
5 |
Array SSL VPN |
详见更新页面 |
—— |
软件更新页面:https://arraynetworks.com/ssl-vpn/ |
|||
6 |
Citrix ADC 及 Citrix Gateway |
V14.1 |
2024-04-23 |
软件更新页面:https://www.citrix.com/downloads/citrix-adc/ |
|||
7 |
F5 BIG-IP |
V20.1.0 |
2024-05-08 |
软件更新页面:https://www.f5.com.cn/products/big-ip-services |
|||
8 |
Fastjson |
V1.2.83 |
2022-05-23 |
软件更新页面:https://github.com/alibaba/fastjson/releases |
|||
9 |
GitLab CE/EE |
V17.0.1 |
2024-05-21 |
软件更新页面:https://github.com/gitlabhq/gitlabhq/tags |
|||
10 |
Google Chrome |
V127.0.6510.4 |
2024-05-31 |
软件更新页面:https://chromereleases.googleblog.com/ | |||
11 |
Metabase |
V0.49.13 Enterprise Edition V1.49.13 |
2024-05-29 |
软件更新页面:https://www.metabase.com/blog |
|||
12 |
MinIO |
V2024-05-28T17-19-04Z |
2024-05-28 |
软件更新页面:https://github.com/minio/minio/releases/tag/RELEASE.2024-05-28T17-19-04Z |
|||
13 |
Nacos |
V2.3.2 |
2024-04-03 |
软件更新页面:https://github.com/alibaba/nacos/releases |
|||
14 |
Oracle WebLogic Server |
V12.2.1.4.0 V14.1.1.0.0 |
2024-04-16 |
软件更新页面:https://www.oracle.com/security-alerts/cpuapr2024.html |
|||
15 |
PbootCMS |
V3.2.5 |
2023-05-08 |
软件更新页面:https://gitee.com/hnaoyun/PbootCMS/releases/ |
|||
16 |
Roxy-Wi |
V7.2.6.0 |
2023-06-02 |
软件更新页面:https://roxy-wi.org/changelog#gsc.tab=0 |
|||
17 |
SmartBI |
V9.5 |
2020-12-11 |
软件更新页面:https://www.smartbi.info/download |
|||
18 |
TRS-WAS畅捷通 |
详见更新页面 |
—— |
软件更新页面:http://www.trs.com.cn/ |
|||
19 |
WPS Office |
V12.1.0.16929 |
2024-05 |
软件更新页面:https://platform.wps.cn/ |
|||
20 |
Zabbix |
V6.4 |
2024-05-21 |
软件更新页面:https://www.zabbix.com/cn/download |
|||
21 |
禅道项目管理软件 |
V20.0.stable |
2024-04-30 |
软件更新页面:https://www.zentao.net/ |
|||
22 |
畅捷通 T+ |
V19.000.000.0090 V13.000.001.0492 |
2024-06-03
2024-05-29 |
软件更新页面:https://www.chanjetvip.com/product/goods |
|||
23 |
泛微Ecology |
V9.0 |
2024-05 |
软件更新页面:https://www.weaver.com.cn/e9/index.html |
|||
24 |
泛微E-office |
V11.0 |
2024-05 |
软件更新页面:https://www.e-office.cn/?s=4 |
|||
25 |
泛微OA |
详见更新页面 |
2024-05 |
软件更新页面:https://www.weaver.com.cn/ |
|||
26 |
泛微Office |
V11.0 |
2024-05 |
软件更新页面:https://service.e-office.cn/download |
|||
27 |
泛微云桥 |
V4.0 |
2024-05 |
软件更新页面:https://wx.weaver.com.cn/download |
|||
28 |
红帆医疗云OA |
V20 |
—— |
软件更新页面:https://www.ioffice.cn/hfywy |
|||
29 |
华天动力 OA |
V10.2 |
—— |
软件更新页面:http://demo.oa8000.com.cn/OAapp/htpages/app/module/login/8.0Login.jsp |
|||
30 |
蓝凌OA |
详见更新页面 |
—— |
软件更新页面:https://www.landray.com.cn/ |
|||
31 |
通达OA |
V12.9 |
2024-05-30 |
软件更新页面:https://www.tongda2000.com/download/p2022.php |
|||
32 |
向日葵远程控制软件 |
V 15.6.0.64434(2024.05) |
2024-05 |
软件更新页面:https://sunlogin.oray.com/download?categ=personal |
|||
33 |
信呼OA |
V2.6.3 |
2023-05-05 |
软件更新页面:http://www.rockoa.com/view_down.html |
|||
34 |
用友 NC |
详见更新页面 |
2024-05 |
软件更新页面:https://ismcloud.yonyou.com/patch/patchsearch |
|||
35 |
用友FE协作办公平台 |
详见更新页面 |
2024-05 |
软件更新页面:http://www.yonyou022.com/goods_show.aspx?id=117 |
|||
36 |
用友U8-OA企业版 |
V13.1 |
2024-05 |
软件更新页面:https://www.yonyou.com/ |
|||
37 |
用友时空 KSOA |
V9.0 |
2024-05 |
软件更新页面:https://www.yonyou.com/ |
|||
38 |
致远A8 |
V9.0 |
2024-05 |
软件更新页面:https://www.seeyon.com/home/Tiyan/index.html?from=chanpinjiazu |
|||
39 |
致远OA |
A8 |
2024-05 |
软件更新页面:https://www.seeyon.com/ |
以下为最近出现高危漏洞的部分软件,建议重点关注,并将软件升级到最新版本:
序号 |
软件名称 |
目前最新版本 |
最后更新时间 |
40 |
契约锁电子签章系统 |
详见更新页面 |
—— |
软件更新页面:https://www.qiyuesuo.com/sign |
|||
41 |
亿赛通电子文档安全管理系统 |
详见更新页面 |
—— |
软件更新页面:http://www.esafenet.com/ |
|||
42 |
JeecgBoot |
V3.6.3 |
2024-03-11 |
软件更新页面:https://github.com/jeecgboot/jeecg-boot/releases |
|||
43 |
Confluence Data Center and Server |
V8.9.1 |
2024-05-08 |
软件更新页面:https://www.atlassian.com/zh/software/confluence/download-archives |
|||
44 |
IDocView |
详见更新页面 |
—— |
软件更新页面:https://www.idocv.com/ |
|||
45 |
Apache Ofbiz |
V18.12.14 |
2024-05 |
软件更新页面:https://ofbiz.apache.org/download.html |
|||
46 |
Jenkins |
V2.460 |
2024-05-28 |
软件更新页面:https://www.jenkins.io/download/ |
|||
47 |
pgAdmin4 |
VREL-8_7 |
2024-05-30 |
软件更新页面:https://github.com/pgadmin-org/pgadmin4/tags |
|||
48 |
XZ-Utils |
V5.6.2 |
2024-05-29 |
软件更新页面:https://github.com/tukaani-project/xz/releases/ |
|||
49 |
Primeton EOS Platform |
详见更新页面 |
—— |
软件更新页面:https://www.primeton.com/products/ep/ | |||
50 |
JetBrains TeamCity |
V2024.03.2 |
2024-05-30 |
软件更新页面:https://www.jetbrains.com/help/teamcity/previous-releases-downloads.html |
|||
51 |
瑞友天翼应用虚拟化系统 |
V7.0.6.1 |
2017-04-28 |
软件更新页面:http://soft.realor.cn:88 |
|||
52 |
Palo Alto Networks PAN-OS |
V11.2 |
2024-05-03 |
软件更新页面:https://docs.paloaltonetworks.com/ngfw |
|||
53 |
Sonatype Nexus Repository |
V3.68.1 |
2024-05-16 |
软件更新页面:https://help.sonatype.com/en/download.html |
|||
54 |
Git |
V2.45.2 |
2024-05-31 |
软件更新页面:https://github.com/git/git/tags |
|||
55 |
GitHub Enterprise Server |
V3.13 |
2024-05-16 |
软件更新页面:https://github.com/enterprise |
|||
56 |
Fluent Bit |
V3.0.6 |
2024-05-24 |
软件更新页面:https://github.com/fluent/fluent-bit/releases |
|||
57 |
Check Point Security Gateways |
详见更新页面 |
2024-05 |
软件更新页面:https://www.checkpoint.com.cn/products/next-generation-firewall/index.html |
|||
58 |
CrushFTP |
V10.7.1 |
2024-04-25 |
软件更新页面:https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update |
|||
59 |
kkFileView |
V4.4.0-beta |
2024-04-15 |
软件更新页面:https://github.com/kekingcn/kkFileView/releases |
|||
60 |
IP-guard |
V4.82.0609.0 |
2024-05 |
软件更新页面:https://www.ip-guard.net/ |
|||
61 |
Rust |
V1.78.0 |
2024-05-02 |
软件更新页面:https://github.com/rust-lang/rust/releases |
|||
62 |
JumpServer |
V3.10.10-lts |
2024-05-20 |
软件更新页面:https://github.com/jumpserver/jumpserver/releases/ |
声明:本文来自奇安信 CERT,版权归作者所有。文章内容仅代表作者独立观点,不代表士冗科技立场,转载目的在于传递更多信息。如有侵权,请联系 service@expshell.com。