
Welcome to the TheCyberThrone cybersecurity month in review, covering the important security happenings. This review is for the month ending October 2024.
Subscribers' favorite #1
GitHub fixes Critical Vulnerability CVE-2024-9487
GitHub has released security updates to address two vulnerabilities in GitHub Enterprise Server, one of which could allow attackers to bypass authentication and gain unauthorized access.
The critical vulnerability, tracked as CVE-2024-9487 with a CVSS score of 9.5, resides in the platform's SAML SSO authentication mechanism. An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed, resulting in unauthorized provisioning of users and access to the instance……
Subscribers' favorite #2
SolarWinds fixes Critical vulnerability CVE-2024-28988 in WHD Product
SolarWinds has issued a patch addressing a severe vulnerability in its Web Help Desk (WHD) platform. If exploited, it could allow remote attackers to execute arbitrary commands on the host system.
The vulnerability, tracked as CVE-2024-28988 with a CVSS score of 9.8, stems from a Java deserialization issue that exposes the Web Help Desk software to remote code execution attacks. According to SolarWinds, this flaw could allow an unauthenticated attacker to run malicious commands on the system hosting the Web Help Desk, giving them near-unrestricted access……
Subscribers' favorite #3
Spring framework fixes a High severity vulnerability CVE-2024-38819
A new path traversal vulnerability has been identified in Spring Framework that poses a significant risk to applications serving static resources via the WebMvc.fn or WebFlux.fn functional web frameworks.
The vulnerability, tracked as CVE-2024-38819 with a CVSS score of 7.5, arises when static resources are served through Spring's functional web frameworks, WebMvc.fn and WebFlux.fn. By crafting malicious HTTP requests, attackers can exploit this vulnerability to access files that are readable by the process running the Spring application……
Subscribers' favorite #4
GitLab fixes CVE-2024-8312 and CVE-2024-6826
GitLab has released patches for two vulnerabilities affecting multiple versions of its Community Edition (CE) and Enterprise Edition (EE) software. The vulnerabilities, identified as CVE-2024-8312 and CVE-2024-6826, could allow attackers to execute malicious code and disrupt service availability.
The first vulnerability, tracked as CVE-2024-8312 with a CVSS 3.1 score of 8.7, allows attackers to inject malicious HTML code into the Global Search field on a diff view.
The second vulnerability, CVE-2024-6826, with a CVSS 3.1 score of 6.5, is a denial of service that could occur when importing a maliciously crafted XML manifest file. This flaw could allow attackers to overload the server and disrupt service for legitimate users……
Subscribers' favorite #5
Fortinet keeps quiet about a critical vulnerability
*****The vulnerability is CVE-2024-47575***** – A separate blog post was released late last week
Fortinet seems to have kept a critical vulnerability under wraps for more than a week, amid reports that attackers are using it to execute malicious code on servers used by sensitive customer organizations.
Fortinet keeping mum shows a lack of transparency that is consistent with previous zero-days exploited against Fortinet customers. With no authoritative source of information, customers, reporters and others have few avenues other than social media posts where the attacks are being discussed…..
With evidence of mass exploitation, CISA has added this FortiManager vulnerability to its KEV Catalog.
This brings this month's security review coverage to an end. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter and Instagram.


