NVD disclosure day

Published threat advisories for January 12, 2024

CVE advisory | Known Exploit

CVE-2024-21887

Ivanti Connect Secure Command Injection Risk.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A command injection vulnerability affects Ivanti Connect Secure and Policy Secure web components, allowing authenticated administrators to run arbitrary commands. This poses a business risk, potentially impacting system control and data integrity for affected organizations.

• CISA KEV

CVE advisory | Known Exploit

CVE-2023-46805

Ivanti Connect Secure Authentication Bypass Affecting Web Component

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

An authentication bypass vulnerability affects Ivanti Connect Secure and Policy Secure components, allowing unauthorized access to restricted resources. This poses a business risk as it can enable attackers to gain access to sensitive systems and data. The vulnerability has been observed in active exploitation campaign

• CISA KEV