NVD disclosure day
CVE-2024-43573
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A spoofing vulnerability in the Windows MSHTML Platform affects confidentiality and integrity. Attackers could potentially disclose sensitive information or present deceptive content to users. This poses a business risk by allowing unauthorized data access and manipulation of system integrity.
CVE-2024-43572
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
Microsoft Windows systems utilizing the Microsoft Management Console may be affected by a remote code execution vulnerability. This flaw could allow an attacker to execute arbitrary code, potentially leading to unauthorized system control. The primary business risk involves the compromise of system integrity and data c
CVE-2024-43468
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
A vulnerability exists in Microsoft Configuration Manager that allows unauthenticated attackers to execute commands on servers or databases. This could lead to unauthorized data access or system control. Organizations should apply vendor fixes promptly to mitigate business risk.
CVE-2024-9380
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
A vulnerability in the Ivanti CSA admin web console allows authenticated attackers with administrative access to execute commands on the operating system, potentially leading to system compromise and data breaches. This poses a business risk to organizations using the affected system.
CVE-2024-9379
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A SQL injection vulnerability affects the Ivanti CSA admin web console, allowing authenticated administrators to run unauthorized SQL commands. This poses a business risk of data exposure or service disruption.