A flaw rated at the maximum (critical) severity has been discovered in GitHub Enterprise Server (GHES). Tracked as CVE-2024-4985, the vulnerability may allow an attacker to access the vulnerable server without prior authentication.
Tag: authentication bypass vulnerability
Progress OpenEdge Authentication Gateway and AdminServer Authentication Bypass Vulnerability (CVE-2024-1403)
Progress has released patches to address a security flaw that may allow unauthorized access during login attempts. Tracked as CVE-2024-1403, the vulnerability impacts the OpenEdge Authentication Gateway and AdminServer. It has been given a critical severity rating with a CVSS score of 9.8.
Ivanti Connect Secure and Ivanti Policy Secure XML External Entity (XXE) Vulnerability (CVE-2024-22024)
Ivanti has warned users to patch an XML external entity vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways. CVE-2024-22024 may allow an attacker to access certain restricted resources without authentication. Ivanti has mentioned in the advisory, “We have no evidence of this vulnerability being exploited in the wild as it was found during our internal review …
JetBrains TeamCity On-Premises Authentication Bypass Vulnerability (CVE-2024-23917)
JetBrains has released a patch to address a critical flaw tracked as CVE-2024-23917. The vulnerability in TeamCity On-Premises may allow an attacker to gain admin privileges on successful exploitation.
GoAnywhere Managed File Transfer (MFT) Authentication Bypass Vulnerability (CVE-2024-0204)
Security researchers at Spark Engineering Consultants have discovered an authentication bypass vulnerability in GoAnywhere Managed File Transfer. Tracked as CVE-2024-0204, the vulnerability has a critical severity and a CVSS score of 9.8. The vulnerability allows an unauthorized user to create an admin user via the administration portal.
Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateway Vulnerabilities Exploited in the Wild (CVE-2023-46805 & CVE-2024-21887)
The security research team at Volexity identified active exploitation of two vulnerabilities (CVE-2023-46805 & CVE-2024-21887) impacting Ivanti Connect Secure VPN devices. When chained together, the vulnerabilities may allow attackers to send malicious requests and execute arbitrary commands on a targeted system. According to the research, a Chinese nation-state-level threat actor has exploited the vulnerabilities. …
Apache OFBiz Authentication Bypass Vulnerability (CVE-2023-51467)
The SonicWall Threat research team has discovered an authentication bypass vulnerability in Apache OFBiz, a Java-based web framework. Tracked as CVE-2023-51467, the vulnerability has a critical severity rating with a CVSS score of 9.8. An attacker who exploits the vulnerability may bypass authentication to achieve a simple Server-Side Request Forgery (SSRF). A security researcher at …
VMware Cloud Director Authentication Bypass Vulnerability (CVE-2023-34060)
Dustin Hartle from Ideal Integrations Inc. has discovered an authentication bypass vulnerability in the VMware Cloud Director Appliance (VCD Appliance). CVE-2023-34060 has been given a critical severity rating with a CVSS score of 9.8. Successful exploitation of the vulnerability may allow an attacker to bypass login restrictions when authenticating.
Ivanti Sentry Zero-day Vulnerability Being Exploited in the Wild (CVE-2023-38035)
Ivanti has released a patch for an actively exploited API authentication bypass vulnerability. CVE-2023-38035 has been given a high severity rating with a CVSS score of 9.8. The vulnerability may allow an unauthenticated actor to access sensitive APIs used to configure Ivanti Sentry through the administrator portal. Ivanti has mentioned in the advisory that they are …
Grafana Critical Authentication Bypass Vulnerability (CVE-2023-3128)
Grafana has released security updates to address an authentication bypass/account takeover vulnerability. CVE-2023-3128 has been rated as critical with a CVSSv3.1 base score of 9.4. Successful exploitation of the vulnerability will allow an attacker to gain complete control of a user’s account, including access to private customer data and sensitive information. Grafana is a multi-platform …