Security Vulnerabilities - CVEs Published In August 2024
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information.
CVSS Score
9.6
EPSS Score
0.061
Published
2024-08-13
Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user.
CVSS Score
8.3
EPSS Score
0.003
Published
2024-08-13
CVE-2024-7593
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2024-08-13
A vulnerability, which was classified as problematic, was found in FastCMS up to 0.1.5. Affected is an unknown function of the component New Article Category Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
3.5
EPSS Score
0.001
Published
2024-08-13
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.006
Published
2024-08-13
Windows Initial Machine Configuration Elevation of Privilege Vulnerability
CVSS Score
6.8
EPSS Score
0.004
Published
2024-08-13
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVSS Score
8.2
EPSS Score
0.003
Published
2024-08-13
CVE-2024-38213
Windows Mark of the Web Security Feature Bypass Vulnerability
Known exploited
CVSS Score
6.5
EPSS Score
0.739
Published
2024-08-13
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVSS Score
6.5
EPSS Score
0.007
Published
2024-08-13
Windows Print Spooler Elevation of Privilege Vulnerability
CVSS Score
7.5
EPSS Score
0.014
Published
2024-08-13