NVD disclosure day

Published threat advisories for July 17, 2023

CVE advisory: CRITICAL

CVE-2023-3376

Zekiweb allows attackers to steal customer data and take control of systems.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical flaw in Zekiweb lets attackers steal sensitive customer data and control systems remotely by injecting malicious code into the application. This issue, affecting versions before 2.0, requires immediate attention due to its broad exposure and potential for serious compromise.

CVE advisory: CRITICAL

CVE-2023-2963

Attacker can steal data and control Oliva Expertise EKS because it can't process commands safely.

Halo Surface Signal: 3 out of 5 — possibly public-facing.

An external attacker could take advantage of a security flaw in the Oliva Expertise EKS web interface to bypass access controls. This may allow them to view, modify, or delete sensitive records held within your organization's database.

CVE advisory: MEDIUM

CVE-2023-2960

Oliva Expertise EKS allows attackers to inject malicious code through web pages to steal customer data or control services.

Halo Surface Signal: 3 out of 5 — possibly public-facing.

An external attacker could exploit a flaw in Oliva Expertise EKS to inject malicious scripts into the web interface. This allows them to hijack active user sessions, perform unauthorized actions, or take over accounts to access sensitive information.