Security remains a pivotal concern for organizations as they navigate potential threats. In a recent assessment, experts noted that the privileges required for exploitation are rated Low, meaning that a standard account login is sufficient for an attacker to initiate an injection attack. After a successful account takeover, this method potentially allows significant compromise.
CISOs are particularly urged to review SAP Security Note #3572688, which has been assigned a critical CVSS score of 9.8. This note addresses a serious authentication bypass vulnerability found in SAP Financial Consolidation. Because of deficiencies in the authentication framework, unauthorized users could exploit this flaw to assume the Admin account, posing severe risks to the application’s confidentiality, integrity, and availability.
Google Android Fixes
In a related development, Malwarebytes has reported that Google has addressed a total of 62 vulnerabilities in its Android operating systems, specifically versions 13, 14, and 15. Device manufacturers were informed of these issues at least a month in advance to ensure timely rollout of updates to their users. Notably, among the vulnerabilities patched are two that have been actively exploited by cyber adversaries.
Source
www.csoonline.com