NVD disclosure day

Published threat advisories for April 13, 2022

CVE advisoryKnown Exploit

CVE-2022-24816

JAI-EXT: Network Script Compilation Allows Remote Code Execution.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

Organizations using JAI-EXT, particularly within the GeoServer project, face a risk of remote code execution. Attackers can exploit this by sending crafted network requests that execute malicious Jiffle scripts, potentially leading to unauthorized system access and data compromise. Mitigation involves updating to patch

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2022-22960

VMware Access and Automation Privilege Escalation

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

VMware products are affected by a privilege escalation vulnerability due to improper permissions in support scripts. This impacts organizations by allowing an attacker with local access to gain root privileges, potentially leading to unauthorized access to sensitive data and business disruption. This internal threat re

NVD published: • CISA KEV