March 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Multiple WordPress Plugins Vulnerabilities
July 11, 2024Veeam Backup Software Vulnerability Actively Exploited by New Ransomware Group – Active IOCs
July 11, 2024Multiple WordPress Plugins Vulnerabilities
July 11, 2024Veeam Backup Software Vulnerability Actively Exploited by New Ransomware Group – Active IOCs
July 11, 2024
Severity
High
Analysis Summary
CVE-2024-32861 CVSS:8.8
Johnson Controls Software House C CURE 9000 could allow a remote attacker to obtain sensitive information, caused by an incorrect default permissions flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain credentials information, and use this information to launch further attacks against the affected system.
CVE-2024-32759 CVSS:8.8
Johnson Controls Software House C CURE 9000 could allow a remote attacker to bypass security restrictions, caused by the use of weak credentials. By sending a specially-crafted request, an attacker could exploit this vulnerability to <bypass access restrictions/obtain credentials/other>.
Impact
- Security Bypass
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-32861
- CVE-2024-32759
Affected Vendors
Johnson Controls
Affected Products
- Johnson Controls Software House C CURE 9000 3.00.3
- Johnson Controls Software House C CURE 9000 2.80
Remediation
Refer to Johnson Controls Product Security Advisory for patch, upgrade or suggested workaround information.