Rewterz Threat Alert – Widespread Phishing Campaign by APT28 Targets Asia, Europe, and Americas – Active IOCs
March 18, 2024Rewterz Threat Alert – Lazarus aka Hidden Cobra APT Group – Active IOCs
March 19, 2024Rewterz Threat Alert – Widespread Phishing Campaign by APT28 Targets Asia, Europe, and Americas – Active IOCs
March 18, 2024Rewterz Threat Alert – Lazarus aka Hidden Cobra APT Group – Active IOCs
March 19, 2024Severity
High
Analysis Summary
CVE-2024-22259
VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in UriComponentsBuilder. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Websites.
Impact
- Gain Access
Indicators Of Compromise
CVE
- CVE-2024-22259
Affected Vendors
VMware
Affected Products
- VMware Tanzu Spring Framework 5.3.0
- VMware Tanzu Spring Framework 6.1.0
Remediation
Refer to VMware Security Advisory for patch, upgrade, or suggested workaround information.