AttackerKB bot (Unofficial)
New assessment for topic: CVE-2024-21893

Topic description: "A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. ..."

"See the [Rapid7 analysis](https://attackerkb.com/topics/FGlK1TVnB2/cve-2024-21893/rapid7-analysis) for details on the exploit chain. ..."

Link: https://www.attackerkb.com/assessments/66090ad3-38c1-4761-b482-52152fd36790
New Rapid7 Analysis on AttackerKB topic: CVE-2024-21893

"On January 31, 2024, Ivanti [disclosed](https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure) CVE-2024-21893, affecting Ivanti Connect Secure and Ivanti Policy Secure ..."

Link: https://www.attackerkb.com/topics/4f92b26a-6c79-4b43-af83-cf55bd30dbb4
New assessment for topic: CVE-2023-49085

Topic description: "Cacti provides an operational monitoring and fault management framework ..."

"This is a [blind SQL injection](https://owasp.org/www-community/attacks/Blind_SQL_Injection) in the poller device management page (`pollers.php`), which can be exploited with time-based techniques ..."

Link: https://www.attackerkb.com/assessments/d255b582-0e80-4b5c-8a08-dd0f4697a64e
New assessment for topic: CVE-2023-49084

Topic description: "Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB) ..."

"This is a local file inclusion vulnerability that affects the external links page `link.php` ..."

Link: https://www.attackerkb.com/assessments/35aa86fa-7444-4782-8f60-458cbc3df7c2
New assessment for topic: CVE-2023-22515

Topic description: "Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. ..."

"[metadata only] ..."

Link: https://www.attackerkb.com/assessments/fe0d1818-0a18-43ab-ba43-dd29e2dd7d15
New assessment for topic: CVE-2024-23897

Topic description: "Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system. ..."

"Looking into this vulnerability, there are a number of factors to consider when gauging exploitability ..."

Link: https://www.attackerkb.com/assessments/6381d058-7c24-4c5a-83f5-29083dfbfd62
New assessment for topic: CVE-2023-41474

Topic description: "Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component. ..."

"This is a path traversal vulnerability in Ivanti Avalanche version 6.3.4.153 ..."

Link: https://www.attackerkb.com/assessments/cd0c0c3b-47ab-419a-a3a8-0297705b8560
New assessment for topic: CVE-2023-41265

Topic description: "An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request ..."

"Rapid7 saw exploitation of this in customer environments in early December 2023 ..."

Link: https://www.attackerkb.com/assessments/9951767f-04e7-43a7-b30b-20d2296cf622
New assessment for topic: CVE-2023-37679

Topic description: "A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server. ..."

"Mirth Connect is vulnerable to unauthenticated RCE due to the mishandling of data that is unmarshalled by the XStream library ..."

Link: https://www.attackerkb.com/assessments/fd2fd562-df20-440b-8577-c9195a9d31a7
New assessment for topic: CVE-2023-6933

Topic description: "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem ..."

"The "Better Search Replace" plugin for WordPress exhibits a critical vulnerability known as PHP Object Injection ..."

Link: https://www.attackerkb.com/assessments/5e518dea-96f8-4d0d-a078-9c273b249a24
New assessment for topic: CVE-2023-37580

Topic description: "Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client. ..."

"Per Google's Threat Analysis Group (TAG), this bug was [exploited as a zero-day](https://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/) and has been used by at least four different threat actors to "steal email data, user credentials, and authentication tokens." Threat campaigns have targeted Greece, Moldova, Tunisia, Vietnam, and Pakistan ..."

Link: https://www.attackerkb.com/assessments/2c2c49bb-bf2d-493d-8073-3fc921a59355
New assessment for topic: CVE-2023-27532

Topic description: "Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained ..."

"We've continued to see [reports](https://twitter.com/malmoeb/status/1744145322748567860) of exploitation for CVE-2023-27532 ..."

Link: https://www.attackerkb.com/assessments/211c013a-d82b-479a-9997-d447a3bb33fc
New assessment for topic: CVE-2023-43208

Topic description: "NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution ..."

"Knocking down attacker value a bit because there [appear to be](https://twitter.com/Shadowserver/status/1749803281898262597) only a few hundred of these exposed and vulnerable, and perhaps surprisingly, it's been a few months since full details were released and there's still no known exploitation ..."

Link: https://www.attackerkb.com/assessments/6baa7b56-79b5-4fcb-8bc9-2970ac0a0d25
New assessment for topic: CVE-2023-6553

Topic description: "The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file ..."

"The Backup Migration WordPress plugin describes itself as an all in one solution if you need to migrate your WordPress site to another host or just restore the site from a backup ..."

Link: https://www.attackerkb.com/assessments/2c58ed71-2d98-4aec-9b22-bb835fea1371
New assessment for topic: CVE-2024-23897

Topic description: "Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system. ..."

"CVE-2024-23897 has been identified as an arbitrary file read vulnerability in Jenkins, specifically through its built-in command line interface (CLI) ..."

Link: https://www.attackerkb.com/assessments/bfc5dce6-718d-4e43-a6f4-07e88f4e09cf