iMON Product Security Advisory

Overview

KEYoung T & I, the vendor of the asset management software iMON, has announced vulnerability check methods and patch recommendations. Users of the affected products should apply the vulnerability countermeasures below.

Affected Products

iMON, all versions
 

Resolved Vulnerabilities

A vulnerability in the iMON product that allows unauthenticated access to internal information through an unused page
 

Vulnerability Countermeasures

O Check the server access logs for login history from unauthorized IPs

* Search for ‘POST /blazeds/api/account/login’ in log file (top_access_log)

O Strengthen access policies such as blocking unauthorized IPs from accessing the server and changing the default password

O Delete the vulnerable files in the iMON server directory

* Delete path: /blazeds/jsp/api/imonMobile folder

O A patch is required, provided by the manufacturer directly to the customer
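
One way to carry out the access-log check above, as an added example that is not part of the advisory or the vendor's tooling: it lists POSTs to the login path from IPs outside an allowlist. The log line layout, the allowlisted network and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: top_access_log uses the common access-log layout
# (client IP first, request in quotes, then status). Adjust LINE_RE if not.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
LOGIN_PATH = "/blazeds/api/account/login"  # search string named in the advisory

def unauthorized_logins(lines, allowed_cidrs):
    """Return {ip: [(timestamp, status), ...]} for login POSTs whose
    source IP is outside every network in allowed_cidrs."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Ignore any query string and trailing slash when comparing the path
        if m["path"].split("?", 1)[0].rstrip("/") != LOGIN_PATH:
            continue
        try:
            ok = any(ipaddress.ip_address(m["ip"]) in net for net in allowed)
        except ValueError:
            ok = False  # hostname or "-": cannot be verified, so report it
        if not ok:
            hits[m["ip"]].append((m["ts"], int(m["status"])))
    return dict(hits)

# Constructed sample lines (documentation IP ranges), not real log data.
SAMPLE = [
    '192.0.2.10 - - [12/Mar/2024:09:01:02 +0900] "POST /blazeds/api/account/login HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Mar/2024:03:14:15 +0900] "POST /blazeds/api/account/login HTTP/1.1" 200 498',
    '203.0.113.7 - - [12/Mar/2024:03:14:20 +0900] "GET /favicon.ico HTTP/1.1" 200 1024',
    '198.51.100.23 - - [12/Mar/2024:04:00:00 +0900] "POST /blazeds/api/account/login?x=1 HTTP/1.1" 401 120',
]

if __name__ == "__main__":
    # 192.0.2.0/24 stands in for the site's authorized management network.
    for ip, events in unauthorized_logins(SAMPLE, ["192.0.2.0/24"]).items():
        for ts, status in events:
            print(f"{ip}  {ts}  HTTP {status}")
```

To run it against the real file, pass `open("top_access_log", errors="replace")` as `lines` and the site's own authorized networks as `allowed_cidrs`.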

Referenced Sites

https://www.krcert.or.kr/kr/bbs/view.do?searchCnd=&bbsId=B0000133&searchWrd=&menuNo=205020&pageIndex=1&categoryCode=&nttId=71476