NVD disclosure day
CVE-2021-27852
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A deserialization vulnerability in Checkbox Survey allows unauthenticated remote attackers to execute arbitrary code. This impacts organizations using affected versions by potentially leading to unauthorized system access and data compromise. The high severity indicates a significant risk to business operations and dat
CVE-2021-22900
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A vulnerability in Ivanti Pulse Connect Secure allows authenticated administrators to perform unauthorized file writes via crafted archive uploads. This impacts system integrity and data, posing a business risk due to the nature of the affected external-facing product.
CVE-2021-22899
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
A command injection vulnerability in Ivanti Pulse Connect Secure allows authenticated attackers to execute remote code. This presents a significant risk to organizations using affected systems, potentially leading to business disruption and data compromise.
CVE-2021-22894
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
A vulnerability in Pulse Connect Secure could allow authenticated attackers to execute arbitrary code on systems. This may impact the confidentiality and integrity of organizational data and systems. Organizations should identify and address affected Pulse Connect Secure assets.