Multiple SAP Products Vulnerabilities

July 12, 2024

NuGet Supply Chain Attack Reveals 60 New Malicious Packages – Active IOCs

July 12, 2024

CVE-2024-22280 – VMware Aria Automation Vulnerability

July 12, 2024

Severity

High

Analysis Summary

CVE-2024-22280

VMware Aria Automation is vulnerable to SQL injection. A remote authenticated attacker could send specially crafted SQL statements, which could allow the attacker to perform unauthorized read/write operations in the database.

Impact

Data Manipulation

Indicators of Compromise

CVE

CVE-2024-22280

Affected Vendors

VMWare

Affected Products

VMware Cloud Foundation 4.0
VMware Cloud Foundation 5.0
VMware Aria Automation 8.11
VMware Aria Automation 8.12
VMware Aria Automation 8.13
VMware Aria Automation 8.14

Remediation

Refer to VMware Security Advisory for patch, upgrade or suggested workaround information.

VMware Security Advisory

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

IBM i Flaw Enables Privilege Escalation by Attackers

Multiple Zoho ManageEngine Exchange Reporter Vulnerabilities

North Korean APT Deploys npm Supply Chain Malware for Crypto Theft – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Multiple SAP Products Vulnerabilities

NuGet Supply Chain Attack Reveals 60 New Malicious Packages – Active IOCs

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation