Security Vulnerabilities - CVEs Published In September 2024
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage.
CVSS Score
5.2
EPSS Score
0.001
Published
2024-09-12
Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-09-12
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.This issue affects:
Product
Affected Versions
LoadMaster
From 7.2.55.0 to 7.2.60.0 (inclusive)
From 7.2.49.0 to 7.2.54.11 (inclusive)
7.2.48.12 and all prior versions
Multi-Tenant Hypervisor
7.1.35.11 and all prior versions
ECS
All prior versions to 7.2.60.0 (inclusive)
CVSS Score
8.4
EPSS Score
0.001
Published
2024-09-12
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-09-12
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-09-12
CVE-2024-45826 IMPACT
Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. If exploited, a user can install an executable file.
CVSS Score
6.8
EPSS Score
0.055
Published
2024-09-12
CVE-2024-45825 IMPACT
A denial-of-service vulnerability exists in the affected products. The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-09-12
ESP-NOW Component provides a connectionless Wi-Fi communication protocol. An replay attacks vulnerability was discovered in the implementation of the ESP-NOW because the caches is not differentiated by message types, it is a single, shared resource for all kinds of messages, whether they are broadcast or unicast, and regardless of whether they are ciphertext or plaintext. This can result an attacker to clear the cache of its legitimate entries, there by creating an opportunity to re-inject previously captured packets. This vulnerability is fixed in 2.5.2.
CVSS Score
6.5
EPSS Score
0.0
Published
2024-09-12
CVE-2024-45823 IMPACT
An
authentication bypass vulnerability exists in the affected product. The
vulnerability exists due to shared secrets across accounts and could allow a threat
actor to impersonate a user if the threat actor is able to enumerate additional
information required during authentication.
CVSS Score
8.1
EPSS Score
0.0
Published
2024-09-12
SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console.
We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
CVSS Score
6.3
EPSS Score
0.0
Published
2024-09-12