NVD disclosure day
CVE-2023-35078
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized access to restricted functions and data. This poses a risk to organizations through potential exposure of sensitive information and compromise of managed devices. Attackers with network access can exploit this flaw without authentication, leading
CVE-2023-35067
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
An external attacker could steal user credentials from the E-Invoice Approval System by reading stored passwords in its files, potentially gaining unauthorized access to sensitive financial data.
CVE-2023-35066
Halo Surface Signal: 3 out of 5 — possibly public-facing.
An external attacker can manipulate the Infodrom E-Invoice Approval System to access or change stored information. This allows them to read, alter, or delete sensitive financial records, risking business fraud and data exposure.
CVE-2023-3046
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A critical flaw in Biltay's Scienta software allows attackers to steal sensitive data or take control of systems. This issue is reachable from the internet and requires immediate attention.