Overview
Torrentpier is affected by a critical vulnerability (CVE-2024-1651), with a base score of 10, which could allow an attacker to execute arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialisation.
Progress LoadMaster (and LoadMaster Multi-Tenant) is affected by a critical vulnerability (CVE-2024-1212), with a base score of 10, which could allow an unauthenticated remote attacker to access systems through the LoadMaster management interface.
Dromara Herztbeat versions up to 1.4.0. are affected by a critical injection vulnerability (CVE-2023-51388), with a base score of 9.8, which could allow an attacker to manipulate unknown inputs.
SuiteCRM is affected by a critical, local-file inclusion vulnerability (CVE-20241644), with a base score of 9.9. An attacker with minimum privileges could execute commands remotely.
Recommended Action
Organisations are encouraged to review the appropriate security advisory pages and apply the updates:
Torrentpier – Advisory (Fluid Attacks)
Progress – LoadMaster Security Vulnerability and Upgrade Release Notes
Dromara – Herztbeat security advisory (Github.com)
SuiteCRM – Advisory (Fluid Attacks)
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.