NVD disclosure day

Published threat advisories for December 17, 2024

CVE-2024-8972

SQL Injection Vulnerability in Saha365 App Exposes Data

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An SQL Injection vulnerability in the Saha365 App allows attackers to manipulate database commands, potentially leading to unauthorized access or modification of sensitive data. This poses a business risk by affecting data integrity and confidentiality.

NVD published: December 17, 2024

CVE advisoryKnown Exploit

CVE-2024-12356

BeyondTrust Remote Access Command Injection Vulnerability.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

BeyondTrust Privileged Remote Access and Remote Support products are affected by a vulnerability allowing unauthenticated command injection. This could enable attackers to execute commands as a site user, posing a risk to systems and data. The business risk includes potential unauthorized actions and system disruption.

NVD published: December 17, 2024 • CISA KEV