
Overview

SAP has released a security update for a missing authentication check vulnerability (CVE-2024-41730) in BusinessObjects Business Intelligence Platform. The vulnerability has a CVSS score of 9.8 and could allow a remote unauthenticated attacker to obtain a logon token using a REST endpoint if Single Sign-On is enabled, potentially leading to full compromise of the system.

Ingress-Nginx – a high-severity security vulnerability (CVE-2024-7646) was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. This vulnerability has a CVSS score of 8.8.

Ingress-NGINX for Kubernetes manages networking, controls traffic, and enhances security on Layers 4 through 7.
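The advisory notes that, in the default configuration, the ingress-nginx controller's credential can read every secret in the cluster, which is what turns a controller compromise into a cluster-wide one. The following is an added example (not code from this advisory, from Kubernetes, or from the ingress-nginx project) of an RBAC audit that tells you whether a given service account can read `secrets` cluster-wide or only within specific namespaces. The RBAC objects are constructed approximations for illustration, not the project's real manifests; the service account name `ingress-nginx` in namespace `ingress-nginx` is an assumption.

```python
"""Audit whether a service account can read Kubernetes secrets cluster-wide.

Input is a dict of RBAC objects in the shape `kubectl get ... -o json`
returns (only the fields used here). Added example; the sample objects
below are constructed, not ingress-nginx's actual manifests.
"""

SECRET_READ_VERBS = {"get", "list", "watch"}


def rule_grants_secret_read(rule):
    """True if one RBAC rule covers core-group 'secrets' with a read verb."""
    groups = rule.get("apiGroups", [])
    resources = rule.get("resources", [])
    verbs = set(rule.get("verbs", []))
    covers_group = "" in groups or "*" in groups          # "" is the core API group
    covers_resource = "secrets" in resources or "*" in resources
    covers_verb = "*" in verbs or bool(verbs & SECRET_READ_VERBS)
    return covers_group and covers_resource and covers_verb


def binding_targets(binding, sa_namespace, sa_name):
    """True if a (Cluster)RoleBinding lists the given ServiceAccount as a subject."""
    return any(
        s.get("kind") == "ServiceAccount"
        and s.get("name") == sa_name
        and s.get("namespace") == sa_namespace
        for s in binding.get("subjects", [])
    )


def audit_secret_access(rbac, sa_namespace, sa_name):
    """Return {'cluster_wide': [role names], 'namespaced': {ns: [role names]}}.

    A ClusterRole bound through a ClusterRoleBinding is cluster-wide; the same
    ClusterRole bound through a namespaced RoleBinding is limited to that namespace.
    """
    cluster_roles = {r["metadata"]["name"]: r for r in rbac.get("clusterRoles", [])}
    roles = {(r["metadata"]["namespace"], r["metadata"]["name"]): r
             for r in rbac.get("roles", [])}
    result = {"cluster_wide": [], "namespaced": {}}

    for crb in rbac.get("clusterRoleBindings", []):
        if not binding_targets(crb, sa_namespace, sa_name):
            continue
        role = cluster_roles.get(crb["roleRef"]["name"])
        if role and any(rule_grants_secret_read(r) for r in role.get("rules", [])):
            result["cluster_wide"].append(role["metadata"]["name"])

    for rb in rbac.get("roleBindings", []):
        if not binding_targets(rb, sa_namespace, sa_name):
            continue
        ns, ref = rb["metadata"]["namespace"], rb["roleRef"]
        role = cluster_roles.get(ref["name"]) if ref["kind"] == "ClusterRole" \
            else roles.get((ns, ref["name"]))
        if role and any(rule_grants_secret_read(r) for r in role.get("rules", [])):
            result["namespaced"].setdefault(ns, []).append(ref["name"])
    return result


# Constructed sample: a broad ClusterRole bound cluster-wide (the risky shape).
SECRET_READER_RULE = {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list", "watch"]}
SUBJECT = {"kind": "ServiceAccount", "name": "ingress-nginx", "namespace": "ingress-nginx"}

DEFAULT_RBAC = {
    "clusterRoles": [{"metadata": {"name": "ingress-nginx"}, "rules": [SECRET_READER_RULE]}],
    "clusterRoleBindings": [{"metadata": {"name": "ingress-nginx"},
                             "roleRef": {"kind": "ClusterRole", "name": "ingress-nginx"},
                             "subjects": [SUBJECT]}],
    "roles": [], "roleBindings": [],
}

# Constructed hardened variant: the same role, but bound only inside one namespace.
HARDENED_RBAC = {
    "clusterRoles": [{"metadata": {"name": "ingress-nginx"}, "rules": [SECRET_READER_RULE]}],
    "clusterRoleBindings": [],
    "roles": [],
    "roleBindings": [{"metadata": {"name": "ingress-nginx", "namespace": "ingress-nginx"},
                      "roleRef": {"kind": "ClusterRole", "name": "ingress-nginx"},
                      "subjects": [SUBJECT]}],
}

if __name__ == "__main__":
    print("default :", audit_secret_access(DEFAULT_RBAC, "ingress-nginx", "ingress-nginx"))
    print("hardened:", audit_secret_access(HARDENED_RBAC, "ingress-nginx", "ingress-nginx"))
```

Running it on a real cluster means feeding the output of `kubectl get clusterroles,clusterrolebindings,roles,rolebindings -A -o json` into the same structure. The point of the hardened variant is that limiting the controller's secret access to the namespaces that actually hold TLS material shrinks what a controller-credential theft of the kind described above can reach.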

Zoom Workplace Apps and Zoom Rooms App are affected by a high-severity buffer overflow vulnerability (CVE-2024-39825) where an overflow in some Zoom Workplace Apps and Rooms Clients could allow an authenticated user to conduct an escalation of privilege via network access. This vulnerability has a CVSS score of 8.5.

Google has released Chrome version 128.0.6613.84/.85 for Linux, Windows, and Mac. The update includes six high, nine medium, and four low severity vulnerabilities:

  • CVE-2024-7971, a high-severity type confusion vulnerability in V8 that can be triggered via a specially crafted HTML page. This vulnerability is currently being exploited in the wild.
  • CVE-2024-7965, a high-severity out-of-bounds write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability is currently being exploited in the wild.
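Because two of the Chrome issues above are already being exploited, the practical task for most organisations is confirming that every managed browser is at or above the fixed build. The following is an added example (not from this advisory or from Google) of a small triage script that compares collected Chrome versions against 128.0.6613.84, the lowest fixed build named above. The host inventory is constructed; how you collect versions (endpoint management, browser policy reporting) is outside this example.

```python
"""Triage a Chrome version inventory against the fixed build from the advisory.

Added example. Versions are compared numerically, field by field, because a
plain string comparison gets this wrong (e.g. "128.0.6613.9" sorts after
"128.0.6613.84" as text but is an older build).
"""

# Lowest fixed build in the advisory (128.0.6613.84; .85 is newer and also fixed).
PATCHED_CHROME = (128, 0, 6613, 84)


def parse_chrome_version(text):
    """Parse 'major.minor.build.patch' into a tuple of ints, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def is_patched(version_text):
    """True only when the version parses and is >= the fixed build."""
    version = parse_chrome_version(version_text)
    return version is not None and version >= PATCHED_CHROME


def triage_inventory(inventory):
    """Split hosts into (needs_update, patched, unknown) by their reported Chrome version.

    Unparseable versions are reported separately rather than silently treated
    as patched, so a broken collector cannot hide an unpatched host.
    """
    needs_update, patched, unknown = [], [], []
    for entry in inventory:
        host, version_text = entry["host"], entry.get("chrome", "")
        if parse_chrome_version(version_text) is None:
            unknown.append(host)
        elif is_patched(version_text):
            patched.append(host)
        else:
            needs_update.append(host)
    return needs_update, patched, unknown


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    {"host": "ws-001", "chrome": "128.0.6613.84"},   # exactly the fixed build
    {"host": "ws-002", "chrome": "128.0.6613.85"},   # the other fixed build
    {"host": "ws-003", "chrome": "127.0.6533.120"},  # previous major release
    {"host": "ws-004", "chrome": "128.0.6613.9"},    # looks newer as a string, is older
    {"host": "ws-005", "chrome": ""},                 # collector returned nothing
]

if __name__ == "__main__":
    needs_update, patched, unknown = triage_inventory(SAMPLE_INVENTORY)
    print("needs update:", needs_update)
    print("patched     :", patched)
    print("unknown     :", unknown)
```

A run over the constructed inventory reports ws-003 and ws-004 as needing the update, ws-001 and ws-002 as patched, and ws-005 as unknown; the unknown bucket is the one worth chasing, since a host that reports no version is usually one that is not being managed at all.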

SolarWinds has released a hotfix to address two critical vulnerabilities affecting the Web Help Desk: a remote code execution (CVE-2024-28986) and a hardcoded credential vulnerability (CVE-2024-28987).

Recommended Action

Organisations are encouraged to review the appropriate security advisory pages and apply the updates:

  • SAP: Security Notes (August 2024)
  • Ingress-NGINX: GitHub (Kubernetes)
  • Zoom: Workplace Apps and Zoom Rooms App Security Bulletin
  • Google: Chrome Releases
  • SolarWinds: Success Center Article

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.

Topics

  • Advisory
  • Vulnerability
  • Exploit
  • Patches and Updates