Tag: authentication bypass vulnerability

Progress Telerik Report Server Authentication Bypass Vulnerability (CVE-2024-4358)

Posted by Author Diksha Ojha on Posted on

A security researcher at Trend Micro Zero Day Initiative discovered a vulnerability in the Progress Telerik Report Server. CVE-2024-4358 is a critical severity vulnerability allowing an unauthenticated, remote attacker to bypass security restrictions and gain access to Telerik Report server-restricted functionality.

Veeam Backup and Replication Authentication Bypass Vulnerability (CVE-2024-29849)

Posted by Author Diksha Ojha on Posted on

Veeam released a security advisory to address four vulnerabilities of different severity ratings. All the vulnerabilities impact Veeam Backup and Replication. One of the four vulnerabilities, CVE-2024-29849, is rated as critical with a CVSS score of 9.8. Successful exploitation of the vulnerability may allow an unauthenticated attacker to log in to the Veeam Backup Enterprise … Continue reading “Veeam Backup and Replication Authentication Bypass Vulnerability (CVE-2024-29849)”

Ivanti Connect Secure and Ivanti Policy Secure XML External Entity (XXE) Vulnerability (CVE-2024-22024)

Posted by Author Diksha Ojha on Posted on

Ivanti has warned users to patch an XML external entity vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways. CVE-2024-22024 may allow an attacker to access certain restricted resources without authentication. Ivanti has mentioned in the advisory, “We have no evidence of this vulnerability being exploited in the wild as it was found during our internal review … Continue reading “Ivanti Connect Secure and Ivanti Policy Secure XML External Entity (XXE) Vulnerability (CVE-2024-22024)”

GoAnywhere Managed File Transfer (MFT) Authentication Bypass Vulnerability (CVE-2024-0204)

Posted by Author Diksha Ojha on Posted on

Security researchers at Spark Engineering Consultants have discovered an authentication bypass vulnerability in GoAnywhere Managed File Transfer. Tracked as CVE-2024-0204, the vulnerability has a critical severity and a CVSS score of 9.8. The vulnerability allows an unauthorized user to create an admin user via the administration portal.

Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateway Vulnerabilities Exploited in the Wild (CVE-2023-46805 & CVE-2024-21887)

Posted by Author Diksha Ojha on Posted on

The security research team at Veloxity identified an active exploitation of two vulnerabilities (CVE-2023-46805 & CVE-2024-21887) impacting Ivanti Connect Secure VPN devices. When chained together, the vulnerabilities may allow attackers to transmit malicious requests and execute arbitrary commands on a targeted system. According to the research, a Chinese nation-state-level threat actor has exploited the vulnerabilities. … Continue reading “Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateway Vulnerabilities Exploited in the Wild (CVE-2023-46805 & CVE-2024-21887)”

Apache OFBiz Authentication Bypass Vulnerability (CVE-2023-51467)

Posted by Author Diksha Ojha on Posted on

The SonicWall Threat research team has discovered an authentication bypass vulnerability in Apache OFBiz, a Java-based web framework. Tracked as CVE-2023-51467, the vulnerability has a critical severity rating with a CVSS score of 9.8. An attacker who exploits the vulnerability may bypass authentication to achieve a simple Server-Side Request Forgery (SSRF). A security researcher at … Continue reading “Apache OFBiz Authentication Bypass Vulnerability (CVE-2023-51467)”

VMware Cloud Director Authentication Bypass Vulnerability (CVE-2023-34060)

Posted by Author Diksha Ojha on Posted on

Dustin Hartle from Ideal Integrations Inc. has discovered an authentication bypass vulnerability in VMware Cloud Director Appliance (VCD Appliance). CVE-2023-34060 is given critical severity with a CVSS score of 9.8. Successful exploitation of the vulnerability may allow an attacker to bypass login restrictions when authenticating.