NVD disclosure day

Published threat advisories for December 29, 2023

CVE-2023-4675

MDO software flaw could expose customer data and grant attacker control.

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A critical flaw in GM Information Technologies MDO software allows attackers to steal or alter sensitive data. This issue needs immediate attention due to its potential to impact business operations and expose customer information.

NVD published: December 29, 2023

CVE advisoryCRITICAL

CVE-2023-4541

Attacker can steal customer data or take control of Ween Admin Panel

Halo Surface Signal: 3 out of 5 — possibly public-facing.

An external attacker can bypass the login of the Ween Software Admin Panel to gain full administrative control over the system. This allows them to extract sensitive database data and administrator credentials, potentially leading to a complete database compromise and unauthorized access to other systems.

NVD published: December 29, 2023