IT-Sicherheitsupdates | Stinner IT Solutions

Cleo Multiple Products Unrestricted File Upload Vulnerability (CVE-2024-50623)

von | 16. Dez 2024 | Unkategorisiert

What is the Vulnerability?An unrestricted file upload and download vulnerability (CVE-2024-50623) that could lead to remote code execution, affecting multiple Cleo products is being actively exploited in the wild. The vulnerability affects the following Cleo products...

Ivanti Cloud Services Application (CSA) Vulnerabilities (CVE-2024-11639, CVE-2024-11772, CVE-2024-11773)

von | 13. Dez 2024 | Unkategorisiert

What are the Vulnerabilities?Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) that could lead to privilege escalation and code execution. More details below:CVE-2024-11639, CVSS: 10.0 (Maximum Severity),...

Mitel MiCollab Unauthorized Access (CVE-2024–35286 & CVE-2024–41713)

von | 11. Dez 2024 | Unkategorisiert

What is the attack?Two security flaws in Mitel MiCollab, CVE-2024–35286 and CVE-2024–41713, have been found and are being actively exploited, putting many organizations at risk. These vulnerabilities allow attackers bypass authentication and access files on affected...

ProjectSend Improper Authentication Vulnerability (CVE-2024-11680)

von | 5. Dez 2024 | Unkategorisiert

What is the attack?ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the...

Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability

von | 15. Nov 2024 | Unkategorisiert

What is the Vulnerability?Microsoft Windows contains an NTLMv2 hash spoofing vulnerability (CVE-2024-43451) that could result in disclosing a user’s NTLMv2 hash to an attacker via a file open operation. The attacker can leverage this hash to impersonate that...

Palo Alto Expedition Missing Authentication Vulnerability (CVE-2024-5910)

von | 9. Nov 2024 | Unkategorisiert

What is the Vulnerability?CISA has added CVE-2024-5910, a missing authentication vulnerability in Palo Alto Networks Expedition to its known exploited vulnerability (KEV) list. Expedition is a migration tool aiding in configuration migration, tuning, and enrichment...

Cisco URWB Access Point Command Injection Vulnerability (CVE-2024-20418)

von | 8. Nov 2024 | Unkategorisiert

What is the Vulnerability?A maximum severity security (CVS Score 10.0) vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated,...

Metabase Information Disclosure Vulnerability (CVE-2021-41277)

von content_admin | 21. Okt 2024 | Unkategorisiert

What is the attack?FortiGuard Labs observes widespread attack attempts targeting a three-year-old Metabase vulnerability (CVE-2021-41277) detected by more than 30,000 sensors. Successful exploitation could lead to information disclosure including expose server files...

Veeam Backup and Replication Deserialization Vulnerability (CVE-2024-40711)

von | 17. Okt 2024 | Unkategorisiert

What is the Vulnerability?CVE-2024-40711 is a critical unauthenticated Remote Code Execution (RCE) vulnerability in Veeam Backup & Replication software. Threat actors could execute arbitrary code on a vulnerable system without authentication, which poses a...

Ivanti CSA (Cloud Services Appliance) zero-day Attack

von | 8. Okt 2024 | Unkategorisiert

What is the Attack?Attackers are actively exploiting multiple zero-day vulnerabilities affecting Ivanti CSA (Cloud Services Appliance) that could lead an attacker to gain admin access, bypass security measures, run arbitrary SQL commands, and execute code remotely.The...