Automation 360 Robotic Process Automation suite v21-v32 is vulnerable to unauthenticated Server-Side Request Forgery (SSRF).
SSRF occurs when the server can be induced to perform arbitrary requests on behalf of an attacker. An attacker with unauthenticated access to the Automation 360 Control Room HTTPS service (port 443) or HTTP service (port 80) can trigger arbitrary web requests from the server.
Read more…
Source: Rapid7
Related:
- Juniper Networks Releases Out-of-Cycle Security Bulletin for Critical Vulnerability
February 19, 2025
Juniper Networks has released an out-of-cycle security update addressing one critical API authentication bypass using an alternate path or channel vulnerability, which has a CVSSv4 score of 9.3. Exploitation of the vulnerability could allow a network-based attacker to bypass authentication and take administrative control of the device. Read more… Source: NHS Digital Sign up for our Newsletter Related:
- Multiple Vulnerabilities Discovered in NVIDIA CUDA Toolkit
February 19, 2025
This article reviews nine vulnerabilities Palo Alto researchers recently discovered in two utilities called cuobjdump and nvdisasm, both from NVIDIA’s Compute Unified Device Architecture (CUDA) Toolkit. The researchers have coordinated with NVIDIA, and the company has released an update in February 2025 to address these issues. The vulnerabilities are tracked as the following Common Vulnerabilities and ...
- Security updates released for PostgreSQL
February 14, 2025
The PostgreSQL Global Development Group (also known as Postgres) has released an advisory to address a high severity vulnerability in PostgreSQL. PostgreSQL is a relational SQL database management system. CVE-2025-1094 is an ‘improper neutralisation of quoting syntax’ vulnerability with a CVSSv3 score of 8.1. If exploited, a remote unauthenticated attacker could achieve SQL injection via sending ...
- Active Exploitation of Critical Vulnerability Chain in SimpleHelp
February 14, 2025
SimpleHelp has released security updates to address one critical and two high severity vulnerabilities in SimpleHelp. SimpleHelp is a remote monitoring and management (RMM) tool that allows administrators and service desk technicians to provide remote support and monitor devices on the network. The three vulnerabilities can be used in an exploit chain, which could allow a ...
- Ivanti Releases February 2025 Security Updates
February 12, 2025
Ivanti has released three security advisories in the February Security Update, which addresses vulnerabilities in Ivanti products. In the first advisory, two vulnerabilities were identified in Ivanti Cloud Services Application (CSA). The Ivanti CSA is an Internet appliance that provides secure communication and functionality over the Internet. It falls under the primary product of Ivanti Endpoint ...
- SonicOS SSL VPN Authentication Bypass Vulnerability (CVE-2024-53704)
February 12, 2025
A proof-of-concept (PoC) exploit has been published by security researchers for an authentication bypass vulnerability in the SonicOS SSL VPN component. SonicWall appliances provide virtual private network (VPN) and ‘next-gen’ firewall capabilities. SonicWall formally disclosed and released security updates addressing CVE-2024-53704 on 07 January 2025. Successful exploitation of CVE-2024-53704 could allow a remote, unauthenticated attacker to ...