To address the vulnerability, Metabase released patches and instructions that are available at: https://www.metabase.com/blog/security-advisory
Advisories
Spring has released updated versions of Spring Security (6.1.2 / 6.0.5 / 5.8.5 / 5.7.10 / 5.6.12) to fix the vulnerability. Users are advised to upgrade as quickly as possible.
The Centre for Cyber Security Belgium recommends that system administrators patch vulnerable systems to V5.4 or a later version as soon as possible and analyse system and network logs for any suspicious activity.
The Centre for Cyber Security Belgium strongly recommends that system administrators take the following actions:
Update
Patch systems to version 22.1.3 or later
The Centre for Cybersecurity Belgium strongly recommends that users stop using the discontinued VM2 project in production as soon as possible. The developer of the project suggests that users migrate their code to the "isolated-vm" project.
The Centre for Cybersecurity Belgium strongly recommends updating the affected software as soon as possible.
The Centre for Cyber Security Belgium strongly recommends that system administrators visit Ivanti's Customer Portal to download and install the patched versions of this software.
MikroTik recommends upgrading your software:
- MikroTik RouterOS stable v6.49.7
- MikroTik RouterOS long-term v6.49.8
It is also considered good practice to: