NVD disclosure day

Published threat advisories for June 27, 2024

CVE advisory: CRITICAL

CVE-2024-1107

Travel Apps Authorization Bypass Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An authorization bypass vulnerability in Travel APPS may allow unauthorized access to sensitive data and system functions. This could impact organizations by exposing confidential information and potentially disrupting operations. The vulnerability could be exploited by unauthenticated attackers.

CVE advisory: CRITICAL

CVE-2024-0949

Elektraweb Authentication Bypass Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A vulnerability in Elektraweb allows authentication bypass, potentially exposing systems and data to unauthorized access. The risk to organizations includes unauthorized access to sensitive information and compromised business functions. Affected systems and data integrity may be impacted.

CVE advisory: CRITICAL

CVE-2024-0947

Elektraweb: Session Credential Manipulation Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in Elektraweb allows attackers to falsify session credentials by manipulating cookies. This could lead to unauthorized access and data modification, posing a risk to affected organizations and their data. Mitigation steps include identifying affected systems and applying vendor updates.