Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for November 07-08, 2024

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between November 07-08, 2024.
During this period, the National Vulnerability Database published 111 new Common Vulnerabilities and Exposures (CVEs), classified by severity as follows:

Critical: 1
High: 22
Medium: 26
Low: 2
Severity Not Assigned: 60

Identifying and understanding these vulnerabilities is a pivotal step towards strengthening security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High severity vulnerabilities that demand immediate attention.

1. CVE-2024-38286
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older, unsupported versions may also be affected.
Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.
Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.
References: https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s

CWE-ID: CWE-770
Common Platform Enumerations (CPE): Not Found

2. CVE-2023-1973
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A flaw was found in the Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutOfMemory error and exhausting the server's memory.
References: https://access.redhat.com/errata/RHSA-2024:1674
https://access.redhat.com/errata/RHSA-2024:1675
https://access.redhat.com/errata/RHSA-2024:1676
https://access.redhat.com/errata/RHSA-2024:1677
https://access.redhat.com/errata/RHSA-2024:2763
https://access.redhat.com/errata/RHSA-2024:2764
https://access.redhat.com/security/cve/CVE-2023-1973
https://bugzilla.redhat.com/show_bug.cgi?id=2185662

CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found

3. CVE-2024-10203
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, and 11.3.2428.9 and below, are vulnerable to Arbitrary File Deletion on machines where the agent is installed.
References: https://www.manageengine.com/products/desktop-central/cve-2024-10203.html

CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found

4. CVE-2024-51504
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing; this only impacts IP-based authentication implemented in ZooKeeper Admin Server. The default configuration of client IP address detection in IPAuthenticationProvider, which uses HTTP request headers, is weak and allows an attacker to bypass authentication by spoofing the client's IP address in request headers. The default configuration honors the X-Forwarded-For HTTP header to read the client's IP address. The X-Forwarded-For request header is mainly used by proxy servers to identify the client and can be easily spoofed by an attacker pretending that the request comes from a different IP address. Admin Server commands, such as snapshot and restore, can be executed arbitrarily on successful exploitation, which could potentially lead to information leakage or service availability issues. Users are recommended to upgrade to version 3.9.3, which fixes this issue.
References: https://lists.apache.org/thread/b3qrmpkto5r6989qr61fw9y2x646kqlh

CWE-ID: CWE-290
Common Platform Enumerations (CPE): Not Found

5. CVE-2024-24914
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Authenticated Gaia users can inject code or commands through global variables via specially crafted HTTP requests. A security fix that mitigates this vulnerability is available.
References: https://support.checkpoint.com/results/sk/sk182743

CWE-ID: CWE-914
Common Platform Enumerations (CPE): Not Found

6. CVE-2024-43425
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions.
References: https://bugzilla.redhat.com/show_bug.cgi?id=2304253
https://moodle.org/mod/forum/discuss.php?d=461193

CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found

7. CVE-2024-43426
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed.
References: https://bugzilla.redhat.com/show_bug.cgi?id=2304254
https://moodle.org/mod/forum/discuss.php?d=461194

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

8. CVE-2024-43428
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.2
Description: To address a cache poisoning risk in Moodle, additional validation for local storage was required.
References: https://bugzilla.redhat.com/show_bug.cgi?id=2304256
https://moodle.org/mod/forum/discuss.php?d=461196

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

9. CVE-2024-43431
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A vulnerability was found in Moodle. Insufficient capability checks made it possible to delete badges that a user does not have permission to access.
References: https://bugzilla.redhat.com/show_bug.cgi?id=2304259
https://moodle.org/mod/forum/discuss.php?d=461199

CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found

10. CVE-2024-43434
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability.
References: https://bugzilla.redhat.com/show_bug.cgi?id=2304262
https://moodle.org/mod/forum/discuss.php?d=461203

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found

11. CVE-2024-43436
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A SQL injection risk was found in Moodle's XMLDB editor tool, which is available to site administrators.
References: https://bugzilla.redhat.com/show_bug.cgi?id=2304264
https://moodle.org/mod/forum/discuss.php?d=461206

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

12. CVE-2024-43438
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A flaw was found in Moodle's Feedback module. Bulk messaging in the activity's non-respondents report did not verify that message recipients belonged to the set of users returned by the report.
References: https://bugzilla.redhat.com/show_bug.cgi?id=2304267
https://moodle.org/mod/forum/discuss.php?d=461208

CWE-ID: CWE-639
Common Platform Enumerations (CPE): Not Found

13. CVE-2024-43440
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A flaw was found in Moodle. A local file include risk exists when restoring block backups.
References: https://bugzilla.redhat.com/show_bug.cgi?id=2304269
https://moodle.org/mod/forum/discuss.php?d=461210

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found

14. CVE-2024-40715
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.5
Description: A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform a Man-in-the-Middle (MITM) attack to exploit this vulnerability.
References: https://www.veeam.com/kb4682

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

15. CVE-2024-48950
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthenticated attackers to bypass CSRF protections and authentication.
References: https://docs.logpoint.com/docs/whats-new-in-logpoint/en/latest/
https://servicedesk.logpoint.com/hc/en-us/articles/21968264954525-Authentication-and-CSRF-bypass-leading-to-unauthorized-access
https://servicedesk.logpoint.com/hc/en-us/sections/7201103730845-Product-Security

CWE-ID: CWE-306
Common Platform Enumerations (CPE): Not Found

16. CVE-2024-48951
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: An issue was discovered in Logpoint before 7.5.0. Server-Side Request Forgery (SSRF) on SOAR can be used to leak Logpoint's API Token leading to authentication bypass.
References: https://docs.logpoint.com/docs/whats-new-in-logpoint/en/latest/
https://servicedesk.logpoint.com/hc/en-us/articles/21968916591261-Server-Side-Request-Forgery-SSRF-on-SOAR-results-in-authentication-bypass
https://servicedesk.logpoint.com/hc/en-us/sections/7201103730845-Product-Security

CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found

17. CVE-2024-48953
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint, resulting in unauthorized access.
References: https://docs.logpoint.com/docs/whats-new-in-logpoint/en/latest/
https://servicedesk.logpoint.com/hc/en-us/articles/21968899128221-Authentication-Bypass-using-URL-endpoints-in-the-Authentication-Modules
https://servicedesk.logpoint.com/hc/en-us/sections/7201103730845-Product-Security

CWE-ID: CWE-306
Common Platform Enumerations (CPE): Not Found

18. CVE-2020-11919
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. There is no CSRF protection.
References: https://seclists.org/fulldisclosure/2024/Jul/14

CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found

19. CVE-2024-45794
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: devtron is an open source tool integration platform for Kubernetes. In affected versions an authenticated user (with minimum permission) could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API (/orchestrator/user). This issue has been addressed in version 0.7.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/devtron-labs/devtron/security/advisories/GHSA-q78v-cv36-8fxj

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

20. CVE-2024-51989
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Password Pusher is an open source application to communicate sensitive information over the web. A cross-site scripting (XSS) vulnerability was identified in the PasswordPusher application, affecting versions `v1.41.1` through and including `v.1.48.0`. The issue arises from an un-sanitized parameter which could allow attackers to inject malicious JavaScript into the application. Users who self-host and have the login system enabled are affected. Exploitation of this vulnerability could expose user data, access to user sessions or take unintended actions on behalf of users. To exploit this vulnerability, an attacker would need to convince a user to click a malicious account confirmation link. It is highly recommended to update to version `v1.48.1` or later to mitigate this risk. There are no known workarounds for this vulnerability.
Solution: Update to version `v1.48.1` or later where input sanitization has been applied to the account confirmation process. If updating is not immediately possible,
References: https://github.com/pglombardo/PasswordPusher/security/advisories/GHSA-5chg-cq29-gfqf

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

21. CVE-2024-51994
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Combodo iTop is a web based IT Service Management tool. In affected versions, uploading a text file containing JavaScript to the portal will trigger a Cross-site Scripting (XSS) vulnerability. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/Combodo/iTop/security/advisories/GHSA-jjph-c25g-5c7g

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

22. CVE-2024-51995
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 4.7
Description: Combodo iTop is a web based IT Service Management tool. An attacker can request any `route` they want as long as they specify an `operation` that is allowed. This issue has been addressed in version 3.2.0 by applying the same access control pattern as in `UI.php` to the `ajax.render.php` page, which does not allow arbitrary `routes` to be dispatched. All users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/Combodo/iTop/security/advisories/GHSA-3mxr-8r3j-j2j9

CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found

23. CVE-2024-10975
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. This vulnerability, identified as CVE-2024-10975, is fixed in Nomad Community Edition 1.9.2 and Nomad Enterprise 1.9.2, 1.8.7, and 1.7.15.
References: https://discuss.hashicorp.com/t/hcsec-2024-27-nomad-vulnerable-to-cross-namespace-volume-creation-abusing-csi-write-permission

CWE-ID: CWE-863
Common Platform Enumerations (CPE): Not Found
