Ivanti released a security advisory to address ten vulnerabilities in its Endpoint Manager. The vulnerabilities are rated critical and high severity. On successful exploitation, an attacker with access to the internal network can execute arbitrary SQL queries and retrieve output without needing authentication. This can then allow the attacker control over machines running the … Continue reading “Ivanti Patches Multiple Vulnerabilities Impacting Endpoint Manager (EPM)”
Tag: SQL Injection Vulnerability
Atlassian SQL Injection Vulnerability Impacts Jira and Confluence (CVE-2024-1597)
Atlassian released a security advisory to address a critical severity vulnerability impacting its popular products, Jira and Confluence. Tracked as CVE-2024-1597, the vulnerability has a CVSS score of 9.8. Successful exploitation of the vulnerability may allow an unauthenticated attacker to expose assets in the environment. The org.postgresql:postgresql dependency vulnerability is only exploited when the instance …
Zabbix Server Audit Log Time-Based SQL Injection Vulnerability (CVE-2024-22120)
The Zabbix server is vulnerable to an SQL injection vulnerability, tracked as CVE-2024-22120. The vulnerability has been given a critical severity rating with a CVSS score of 9.1. Successful exploitation of the vulnerability may allow a remote authenticated attacker to execute arbitrary SQL queries, allowing the threat actors to dump the database, escalate privileges to admin, …
F5 BIG-IP Next Central Manager Multiple Vulnerabilities (CVE-2024-21793 & CVE-2024-26026)
F5 BIG-IP Central Manager is vulnerable to two remotely exploitable security flaws, CVE-2024-21793 & CVE-2024-26026. Successful exploitation of the vulnerabilities may allow attackers to gain complete administrative control of the device and subsequently create accounts on any F5 assets managed by the Next Central Manager.
Atlassian Bamboo Server and Data Center SQL Injection Vulnerability (CVE-2024-1597)
Atlassian released its Monthly Security Bulletin for March, which addressed 24 high-severity vulnerabilities and one critical-severity vulnerability (CVE-2024-1597). CVE-2024-1597 is a SQL injection vulnerability in the Atlassian Bamboo Server and Data Center. The vulnerability has been given a critical severity rating with a CVSS score of 10. Successful exploitation of the vulnerability may allow an …