Security Practitioner



Showing 7–12 of 93 results

CVE-2024-1403: Progress OpenEdge Authentication Bypass Deep-Dive

On February 27, 2024, Progress released a security advisory for OpenEdge, their application development and deployment platform suite. The advisory details that there exists an authentication bypass vulnerability which effects certain components of the OpenEdge platform. Our proof of concept can be found here. When the OpenEdge Authentication Gateway (OEAG) is configured with an OpenEdge Domain that uses the OS...
Read More

ConnectWise ScreenConnect: Authentication Bypass Deep Dive

Introduction On February 19, 2023, ConnectWise published a security advisory for their ScreenConnect remote management tool. In the advisory, they describe two vulnerabilities, an authentication bypass with CVSS 10.0 and a path traversal with CVSS 8.4 (both currently without assigned CVE IDs). In this post we will dive into the technical details of the authentication bypass. You can view our POC...
Read More

CVE-2024-21893: Another Ivanti Vulnerability Exploited in the Wild. Verify with NodeZero Today!

On 22 January, Ivanti published an advisory stating that they discovered two new, high-severity vulnerabilities (CVE-2024-21888 and CVE-2024-21893) after researching previously reported vulnerabilities affecting Ivanti Connect Secure, Ivanti Policy Secure and ZTA gateways. Ivanti provides enterprise solutions, including patch management and IT security solutions to over 40,000 customers worldwide. While there is no evidence of any customers being impacted by...
Read More

How can NodeZero help you?

Let our experts walk you through a demonstration of NodeZero, so you can see how to put it to work for your company.