And yes, it is a 9.8/10, meaning trivial to exploit with maximum damage. In other words, all hell is breaking loose.
The new F5 RCE vulnerability, CVE-2022-1388, is trivial to exploit. We spent some time chasing unrelated diffs within the newest version, but @jameshorseman2 ultimately got first blood. We'll release a POC next week to give more time for orgs to patch. #f5 #CyberSecurity
— Horizon3 Attack Team (@Horizon3Attack) May 6, 2022
When you run your applications on a SaaS low/no-code platform such as NoCode-X, the responsibility for mitigating such vulnerabilities lies mostly with your platform or service provider.
You delegate many tasks and responsibilities to your providers, so defining good governance across your supply chain is essential. Did you know that the supply chain is one of the top attack surfaces that can lead to cyber impact? This is mainly the result of poor execution of cyber security responsibilities, incorrectly trusted connections to your information, and similar weaknesses; most of these are shared with, or solely the responsibility of, your service provider.
Does your service provider show enough commitment to patch management to cope with vulnerabilities such as this one? Is your provider transparent about its runtime platform, and does it report on the success ratio of its patch management? That ratio is an excellent Key Risk Indicator (KRI) for reporting on the performance of your contract.
Want to know more about NoCode-X and its security features? Don't hesitate to reach out.
Official link vulnerability reference: CVE-2022-1388