Threat Advisories - NVD Disclosed September 14, 2023

CVE-2023-4972

Yepas Digital Yepas can expose customer data and admin control due to an attacker's ability to collect data.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

Yepas Digital Yepas can expose customer data and admin control by allowing attackers to collect sensitive information remotely. This critical issue affects customer-facing systems and needs immediate attention.

NVD published: September 14, 2023

CVE advisoryCRITICAL

CVE-2023-4702

Attacker can bypass login on Yepas Digital to gain control

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical flaw in Yepas Digital allows anyone to bypass login and access sensitive data, as the system is designed to be reachable online. Update immediately to prevent unauthorized access.

NVD published: September 14, 2023

CVE advisoryCRITICAL

CVE-2023-4766

Movus allows attackers full control or data theft over your systems.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

An external attacker can exploit Movus through its public interface to access and steal sensitive database information. This could allow them to expose proprietary information and user credentials, ultimately giving them complete administrative control over the system.

NVD published: September 14, 2023

CVE advisoryCRITICAL

CVE-2023-4669

Exagate SYSGuard 3001 allows attackers to bypass security controls and gain unauthorized access.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

An external attacker can bypass login controls on the Exagate SYSGuard 3001 monitoring device to gain administrative access. This allows them to alter environmental settings, which could disrupt critical infrastructure operations or provide a foothold to move deeper into the network.

NVD published: September 14, 2023

CVE advisoryCRITICAL

CVE-2023-4832

Attacker can steal sensitive customer data or take control of Aceka Company Management systems.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

An external attacker can exploit a flaw in Aceka Company Management to steal credentials and sensitive corporate records. This could allow them to gain administrative control over the platform, exposing confidential business assets and risking a broader compromise of the corporate network.

NVD published: September 14, 2023

CVE advisoryKnown Exploit

CVE-2023-38205

Adobe ColdFusion Access Control Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in Adobe ColdFusion allows unauthorized access to administrative functions by bypassing security controls. This impacts organizations using affected versions, potentially exposing systems to attackers without requiring user interaction. The business risk involves unauthorized access to critical function

NVD published: September 14, 2023 • CISA KEV