WiseHub Systems Product Security Action Recommendations

Overview

 

WiseHub Systems has made available an update to address a vulnerability in its GRADIUS DLP solution (a unified internal information leakage prevention audit solution). Users of affected versions are advised to update to the latest version.

 

Affected Products

 

GRADIUS DLP 8.x versions

 

Resolved Vulnerabilities

 

Webshell upload vulnerability in GRADIUS DLP solution

 

Checks and Remediation

 

On March 6, 2024, a check and remediation plan was made available. Please follow the checks and remediation plan below.

Checklist

  • Check for files in the server folder under the GRADIUS DLP installation path that have different upload dates than normal files 
    (gsallow.6.x.jsp, gsub6.x.jsp, etc. are disguised as legitimate files)

 

What to Do

  • Remove the upload.jsp file in the server folder under the GRADIUS DLP installation path
  • The upload.jsp file is for manual patching, so there is no impact on service operation
  • After removing the upload.jsp file, contact your provider for further action
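
One way to run the checklist and the upload.jsp check above over a server folder, as an added example that is not WiseHub Systems' or KrCERT's code. It assumes "upload date" can be approximated by file modification time; the function name and the min_share threshold are hypothetical.

```python
import hashlib
import sys
import time
from collections import Counter
from pathlib import Path


def triage_server_folder(server_dir, min_share=0.2):
    """Return (outliers, upload_jsp_present) for a GRADIUS DLP server folder.

    A file is an outlier when fewer than min_share of the files in the folder
    share its modification date, i.e. it was not written by an install or
    patch batch. min_share is an assumed threshold, not a vendor value.
    Timestamps can be altered, so an empty result does not prove a clean host.
    """
    files = sorted(p for p in Path(server_dir).rglob("*") if p.is_file())
    day_of = {p: time.strftime("%Y-%m-%d", time.localtime(p.stat().st_mtime))
              for p in files}
    per_day = Counter(day_of.values())
    outliers = []
    for p in files:
        if per_day[day_of[p]] / len(files) < min_share:
            # Record a hash so the file can be identified to the provider
            digest = hashlib.sha256(p.read_bytes()).hexdigest()
            outliers.append({"path": str(p), "mtime_day": day_of[p],
                             "sha256": digest})
    # The advisory asks for upload.jsp to be removed wherever it is present
    upload_present = any(p.name.lower() == "upload.jsp" for p in files)
    return outliers, upload_present


if __name__ == "__main__":
    # Usage: python triage.py <path to the server folder>
    found, has_upload = triage_server_folder(sys.argv[1])
    for item in found:
        print(f"{item['mtime_day']}  {item['sha256']}  {item['path']}")
    print("upload.jsp present:", has_upload)
```

Keep a copy and the hash of any flagged file before removing it, so the provider has something to analyze.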

 

Referenced Sites

 

[1] WiseHub Systems homepage address
https://www.whub.co.kr/
[2] WiseHub Systems Product Security Advisory
https://www.krcert.or.kr/kr/bbs/view.do?searchCnd=&bbsId=B0000133&searchWrd=&menuNo=205020&pageIndex=1&categoryCode=&nttId=71361