Salesforce has released five CVE identifiers following a security report indicating multiple configuration weaknesses, some enabling unauthorized access and session hijacking. The vulnerabilities, particularly tied to Flexcards and core Salesforce components, were made public recently after their discovery in May by AppOmni's Aaron Costello. Although Salesforce acknowledged these five issues, 16 additional vulnerabilities were classified as misconfigurations, placing responsibility for fixing them on customers. Experts warn companies using Salesforce to address their security configurations promptly to prevent exploitation by attackers.
Salesforce has identified five CVEs related to configuration weaknesses, with some vulnerabilities exposing customers to unauthorized access and session hijacking.
Findings from security research highlight urgent concerns around default settings exposing customers to unauthorized access due to misconfigurations.
The vulnerabilities found in Salesforce underscore the need for organizations using Salesforce industry clouds to assess and secure their configurations before they can be exploited.
Although Salesforce acknowledged five serious vulnerabilities, 16 additional reported flaws were deemed misconfigurations, shifting the responsibility to customers for resolution.