The ARMR Report – Week of May 13, 2019

By May 17, 2019 May 20th, 2019 ARMR Reports

AppSec News from the Web

  • Ponemon released a research report detailing how much companies hate their Web Application Firewalls. With an average yearly cost of $620K and more than 45 hours a week processing alerts, we're not surprised.
  • A major account software provider took clients offline and caused a Twitter uproar. The cause is unknown, but this article reminds us why the software supply chain is so fragile. And why we need to make sure we pay our taxes on time.
  • Microsoft SharePoint vulnerability under active exploit.

Waratek Blogs & Alerts

  • What is Java Deserialization and what are the challenges in securing it? Our Security Architect Apostolos takes a look in this informative blog.

Customer CVE Alert for Week of May 13, 2019

Below is a list of CVEs announced last week that are protected by the Waratek ARMR Platform. This list does not cover all of the CVEs issued and only represents application vulnerabilities. Customers who have questions should contact their account manager or support@waratek.com. For more information on any of the CVEs below, please visit the MITRE site.

Notes:
Dates are dd/mm.
NVD Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

CVE CWE Vuln Type Publish Date Update Date CVSS Score Remotely Exploitable
CVE-2019-10111 121 XSS 15/05/2019 15/05/2019 0 Not known
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8
CVE-2016-7043 490 15/05/2019 15/05/2019 0 Not known
It has been reported that KIE server and Business Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties
CVE-2014-9919 494 XSS 15/05/2019 15/05/2019 4.3 Remote
An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the fullname parameter to signup.php.
CVE-2014-9918 495 XSS 15/05/2019 15/05/2019 4.3 Remote
An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the user_id parameter to signup.php.
CVE-2014-9917 496 XSS 15/05/2019 15/05/2019 4.3 Remote
An issue was discovered in Bilboplanet 2.0. There is a stored XSS vulnerability when adding a tag via the user/?page=tribes tags parameter.
CVE-2013-7285 497 15/05/2019 15/05/2019 0 Not known
Xstream API versions up to 1.4.6 and version 1.4.10
CVE-2019-12099 9 Exec Code 14/05/2019 14/05/2019 0 Not known
In PHP-Fusion 9.03.00
CVE-2019-11846 25 XSS 14/05/2019 15/05/2019 4.3 Remote
/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection.
CVE-2019-11397 90 File Inclusion 14/05/2019 14/05/2019 0 Not known
GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 (when used with .NET Framework 4.5) allows Local File Inclusion via the FileDesc parameter.
CVE-2019-11205 97 XSS 14/05/2019 14/05/2019 0 Not known
The web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace
CVE-2019-8923 143 Sql 14/05/2019 14/05/2019 0 Not known
XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued.
CVE-2019-8391 145 XSS 14/05/2019 15/05/2019 4.3 Remote
qdPM 9.1 suffers from Cross-site Scripting (XSS) via configuration?type=[XSS] parameter.
CVE-2019-8390 146 XSS 14/05/2019 15/05/2019 4.3 Remote
qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keywords] parameter.
CVE-2019-6514 191 XSS 14/05/2019 14/05/2019 3.5 Remote
An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to inject a JavaScript payload that will be stored in the database and then displayed and executed on the same page
CVE-2019-0298 330 XSS 14/05/2019 14/05/2019 0 Not known
SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs
CVE-2019-12047 13 Exec Code XSS 13/05/2019 13/05/2019 4.3 Remote
Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module can be called to achieve arbitrary code execution
CVE-2019-11886 17 CSRF 13/05/2019 14/05/2019 6.8 Remote
The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual-theme-customizer) plugin before 7.2.1 for WordPress allows yp_option_update CSRF
CVE-2019-11680 57 Exec Code 13/05/2019 14/05/2019 7.5 Remote
KonaKart 8.9.0.0 is vulnerable to Remote Code Execution by uploading a web shell as a product category image.
CVE-2019-11600 73 Exec Code Sql 13/05/2019 14/05/2019 6.8 Remote
A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access.
CVE-2019-11429 86 XSS 13/05/2019 15/05/2019 3.5 Remote
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version)
CVE-2019-7411 163 XSS 13/05/2019 14/05/2019 3.5 Remote
Multiple stored cross-site scripting (XSS) in the MyThemeShop Launcher plugin 1.0.8 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via fields as follows: (1) Title
CVE-2019-7409 164 XSS 13/05/2019 13/05/2019 4.3 Remote
Multiple cross-site scripting (XSS) vulnerabilities in ProfileDesign CMS v6.0.2.5 allows remote attackers to inject arbitrary web script or HTML via the (1) page
CVE-2018-16139 376 XSS 13/05/2019 15/05/2019 4.3 Remote
Cross-site scripting (XSS) vulnerability in BIBLIOsoft BIBLIOpac 2008 allows remote attackers to inject arbitrary web script or HTML via the db or action parameter to bin/wxis.exe/bibliopac/.
CVE-2012-6652 498 Dir. Trav. 13/05/2019 13/05/2019 7.5 Remote
Directory traversal vulnerability in pageflipbook.php script from index.php in Page Flip Book plugin for WordPress (wppageflip) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pageflipbook_language parameter.
CVE-2019-4204 217 XSS 10/05/2019 15/05/2019 3.5 Remote
IBM Business Automation Workflow 18.0.0.0
CVE-2018-1790 453 CSRF 10/05/2019 10/05/2019 6.8 Remote
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 148944.
CVE-2017-12885 472 XSS 10/05/2019 10/05/2019 4.3 Remote
OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
CVE-2017-12795 478 10/05/2019 10/05/2019 7.5 Remote
OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation).
CVE-2019-0226 337 Dir. Trav. 09/05/2019 10/05/2019 5.5 Remote
Apache Karaf Config service provides a install method (via service or MBean) that could be used to travel in any directory and overwrite existing file. The vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf version before 4.2.5 is impacted. User should upgrade to Apache Karaf 4.2.5 or later.
CVE-2018-20837 339 XSS 09/05/2019 10/05/2019 3.5 Remote
include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS.
CVE-2019-11564 75 XSS 08/05/2019 08/05/2019 4.3 Remote
A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows remote attackers to inject arbitrary web script or HTML via a /protected/vendor/codeception/codeception/tests/data/app/view/index.php POST request.
CVE-2019-11629 72 XSS 07/05/2019 07/05/2019 4.3 Remote
Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS.
CVE-2019-10869 116 Exec Code 07/05/2019 10/05/2019 6.8 Remote
Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system to access files and execute code via the includes/fields/upload.php (aka upload/submit page) name and tmp_name parameters.
CVE-2018-2001 450 CSRF 07/05/2019 08/05/2019 6.8 Remote
IBM Cúram Social Program Management 6.1.1

Author Waratek

Some of the world’s leading companies use Waratek to patch, secure and upgrade their mission critical web applications using our next generation technology. Waratek makes it easy for security teams to instantly patch known Java and .NET flaws with no downtime, protect their applications from known and Zero Day attacks, and virtually upgrade out-of-support Java applications – all without time consuming and expensive source code changes or unacceptable performance overhead.
