Security News

Two cross-site scripting vulnerabilities affecting Roundcube could be exploited by attackers to steal users' emails and contacts, email password, and send emails from their account. "No user interaction beyond viewing the attacker's email is required to exploit. For CVE-2024-42008, a single click by the victim is needed for the exploit to work, but the attacker can make this interaction unobvious for the user," Sonar vulnerability researcher Oskar Zeino-Mahmalat noted.

CVE-2024-38856, an incorrect authorization vulnerability affecting all but the latest version of Apache OFBiz, may be exploited by remote, unauthenticated attackers to execute arbitrary code on vulnerable systems. Apache OFBiz is an open-source framework for enterprise resource planning that encompasses web applications that serve common business needs, such as human resources, accounting, inventory management, customer relationship management, marketing and so on.

Ransomware operators have been leveraging CVE-2024-37085, an authentication bypass vulnerability affecting Active Directory domain-joined VMware ESXi hypervisors, to gain full administrative access to them and encrypt their file system."ESXi is a bare-metal hypervisor that is installed directly onto a physical server and provides direct access and control of underlying resources. ESXi hypervisors host virtual machines that may include critical servers in a network," Microsoft's threat analysts explained.

CVE-2023-45249, a critical vulnerability affecting older versions of Acronis Cyber Infrastructure, is being exploited by attackers. Acronis Cyber Infrastructure is an IT infrastructure solution that provides storage, compute, and network resources.

Progress Software has fixed a critical vulnerability in its Telerik Report Server solution and is urging users to upgrade as soon as possible. Telerik Report Server is an enterprise solution for storing, creating, managing and viewing reports in web and desktop applications.

A critical-severity Docker Engine vulnerability may be exploited by attackers to bypass authorization plugins via specially crafted API request, allowing them to perform unauthorized actions, including privilege escalation. "An attacker could exploit a bypass using an API request with Content-Length set to 0, causing the Docker daemon to forward the request without the body to the AuthZ plugin, which might approve the request incorrectly," Docker Senior Security Engineer Gabriela Georgieva explained.

A recently fixed vulnerability affecting Splunk Enterprise on Windows "Is more severe than it initially appeared," according to SonicWall's threat researchers. Splunk Enterprise is a data analytics and monitoring platform that allows organization to collect and analyze machine-generated data from a variety of sources, such as network and security devices, servers, etc.

Cisco has fixed two critical vulnerabilities that may allow attackers to overwrite files on its Secure Email Gateways and change the password of any user on its Smart Software Manager On-Prem license servers. Cisco Secure Email Gateways aim to protect businesses against emails laden with malware, malicious links and scams, and against exfiltration of sensitive data via email.

The maintainers of the Exim mail transfer agent have fixed a critical vulnerability that currently affects around 1.5 million public-facing servers and can help attackers deliver malware to users. CVE-2024-39929 affects Exim releases up to and including 4.97.1, and has been fixed in Exim v4.98, which was released last week.

CVE-2024-38112, a spoofing vulnerability in Windows MSHTML Platform for which Microsoft has released a fix on Tuesday, has likely been exploited by attackers in the wild for over a year, Check Point researcher Haifei Li has revealed. "Check Point Research recently discovered that threat actors have been using novel tricks to lure Windows users for remote code execution. Specifically, the attackers used special Windows Internet Shortcut files, which, when clicked, would call the retired Internet Explorer to visit the attacker-controlled URL," he explained.