SAP NetWeaver Contains Remotely Executable Code

Over 40,000 SAP customers need to update to the latest version to mitigate risk from remote unauthenticated attackers obtaining complete access to their SAP database. Although there is no evidence it has been exploited yet, it is only a matter of time before malicious attackers take advantage of this. Don’t let them exploit you! The […]

Critical RCE Vulnerability in F5 BIG-IP Application Security Servers

This vulnerability gives the CVSS score of 10/10, meaning it could result in unpatched users to be completely compromised. The issue is in the TMUI configuration utility and can be exploited by unauthenticated remote attackers via sending a malicious HTTP request to the vulnerable server. In June, there were over 8000 vulnerable devices that were […]

Guacamole Open Source Remote Administrative Protocol Session Hijacking

Two CVE’s (2020-9497 and 2020-9498) have been announced in the Apache Guacamole service. Successful exploitation of these vulnerabilities would allow an attacker to hijack a session on the host device or steal credentials. These vulnerabilities have been highlighted in version 1.1.0 of Guacamole. This version of the software should be updated to the latest version […]

Risk Crew