The ARMR Report – Week of May 27, 2019

By Waratek | May 31, 2019 | ARMR Reports

AppSec News from the Web

  • Netsparker talks frame injection via XSS
  • A Vulnerability in IBM WebSphere Application Server Could Allow for Remote Code Execution
  • First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records
  • In a first, Moody's downgrades Equifax's rating outlook due to cyberattack

Waratek Blogs & Alerts

  • Can Containerization be the Solution to Legacy Java Security Risk?

Customer CVE Alert for Weeks of May 20 and 27, 2019

Below is a list of CVEs announced in the last two weeks that are protected by the Waratek ARMR Platform. The list does not cover every CVE issued; it includes only application vulnerabilities. Customers with questions should contact their account manager or support@waratek.com. For more information on any of the CVEs below, visit the Mitre site.

Notes:
Dates are dd/mm.
NVD Disclaimer: The date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

| CVE | CWE | Vuln Type | Update Date | CVSS Score | Remotely Exploitable | Detail |
|---|---|---|---|---|---|---|
| CVE-2019-7091 | 502 | Exec Code | 28/05/2019 | 10 | Remote | ColdFusion versions Update 1 and earlier |
| CVE-2019-4279 | 502 | Exec Code | 20/05/2019 | 10 | Remote | IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445. |
| CVE-2019-7816 | 434 | Exec Code Bypass | 28/05/2019 | 10 | Remote | ColdFusion versions Update 2 and earlier |
| CVE-2016-8898 | 89 | Sql | 28/05/2019 | 7.5 | Remote | Exponent CMS version 2.3.9 suffers from a SQL injection vulnerability in framework/modules/ecommerce/controllers/cartController.php. |
| CVE-2019-10866 | 89 | Sql | 24/05/2019 | 7.5 | Remote | In the Form Maker plugin before 1.13.3 for WordPress |
| CVE-2016-8897 | 89 | Sql | 24/05/2019 | 7.5 | Remote | Exponent CMS version 2.3.9 suffers from a SQL injection vulnerability in framework/modules/help/controllers/helpController.php. |
| CVE-2019-12279 | | Sql | 22/05/2019 | 7.5 | Remote | Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). |
| CVE-2018-17181 | 89 | Sql | 20/05/2019 | 7.5 | Remote | An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php. |
| CVE-2018-17179 | 89 | Sql | 20/05/2019 | 7.5 | Remote | An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php. |
| CVE-2019-10913 | 89 | Sql XSS | 17/05/2019 | 7.5 | Remote | In Symfony before 2.7.51 |
| CVE-2017-17060 | 275 | | 23/05/2019 | 7.5 | Remote | OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions. |
| CVE-2019-4078 | 264 | Exec Code | 23/05/2019 | 7.2 | Local | IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non-privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories. IBM X-Force ID: 157190. |
| CVE-2016-10756 | 352 | CSRF | 28/05/2019 | 6.8 | Remote | Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload because module.php?module=upload can be used to configure the uploading of .php files |
| CVE-2016-10750 | | Exec Code | 22/05/2019 | 6.8 | Remote | In Hazelcast before 3.11 |
| CVE-2017-11738 | 89 | Sql | 27/05/2019 | 6.8 | Remote | In Zoho ManageEngine Application Manager 13.1 Build 13100 |
| CVE-2019-5934 | 89 | Exec Code Sql | 20/05/2019 | 6.5 | Remote | SQL injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.0 allows an attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'. |
| CVE-2016-10754 | 89 | Sql | 29/05/2019 | 6.5 | Remote | modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist parameter. |
| CVE-2019-12251 | 89 | Sql | 21/05/2019 | 6.5 | Remote | sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter. |
| CVE-2019-12239 | 89 | Sql CSRF | 21/05/2019 | 6.5 | Remote | The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection |
| CVE-2019-12253 | 352 | CSRF | 21/05/2019 | 5.8 | Remote | my little forum before 2.4.20 allows CSRF to delete posts |
| CVE-2019-5936 | 22 | Dir. Trav. | 20/05/2019 | 5.5 | Remote | Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application 'Work Flow'. |
| CVE-2018-17180 | 22 | Dir. Trav. | 20/05/2019 | 5 | Remote | An issue was discovered in OpenEMR before 5.0.1 Patch 7. Directory Traversal exists via docid=../ to /portal/lib/download_template.php. |
| CVE-2019-11231 | | Dir. Trav. Bypass +Info CSRF | 22/05/2019 | 5 | Remote | An issue was discovered in GetSimple CMS through 3.3.15. Insufficient input sanitation in the theme-edit.php file allows upload of files with arbitrary content (PHP code |
| CVE-2019-0982 | 19 | DoS | 20/05/2019 | 5 | Remote | A denial of service vulnerability exists when ASP.NET Core improperly handles web requests |
| CVE-2019-0981 | 19 | DoS | 22/05/2019 | 5 | Remote | A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests |
| CVE-2019-0980 | 19 | DoS | 22/05/2019 | 5 | Remote | A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests |
| CVE-2019-0820 | 20 | DoS | 22/05/2019 | 5 | Remote | A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings |
| CVE-2017-11559 | 89 | Sql | 24/05/2019 | 5 | Remote | An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack. |
| CVE-2018-17048 | 89 | Sql | 17/05/2019 | 5 | Remote | admin/Lib/Action/FpluginAction.class.php in FDCMS (aka Fangfa Content Manage System) 4.2 allows SQL Injection. |
| CVE-2019-7129 | 79 | XSS | 29/05/2019 | 4.3 | Remote | Adobe Experience Manager Forms versions 6.2 |
| CVE-2019-4137 | 79 | XSS | 29/05/2019 | 4.3 | Remote | IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158333. |
| CVE-2019-12362 | 79 | XSS | 28/05/2019 | 4.3 | Remote | EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php. |
| CVE-2019-12345 | 79 | XSS | 28/05/2019 | 4.3 | Remote | XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress. |
| CVE-2019-10685 | 79 | XSS | 28/05/2019 | 4.3 | Remote | A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Heidelberg Prinect Archiver v2013 release 1.0. |
| CVE-2019-7092 | 79 | XSS | 28/05/2019 | 4.3 | Remote | ColdFusion versions Update 1 and earlier |
| CVE-2018-12624 | 79 | XSS | 28/05/2019 | 4.3 | Remote | An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XSS via the garlic_prefix parameter. |
| CVE-2016-10245 | 79 | XSS | 29/05/2019 | 4.3 | Remote | Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection. |
| CVE-2017-15030 | 79 | XSS | 23/05/2019 | 4.3 | Remote | Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). |
| CVE-2017-11739 | 79 | XSS | 27/05/2019 | 4.3 | Remote | In Zoho ManageEngine Application Manager 13.1 Build 13100 |
| CVE-2017-5213 | 79 | XSS | 23/05/2019 | 4.3 | Remote | Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS). |
| CVE-2019-3402 | | XSS | 22/05/2019 | 4.3 | Remote | The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter. |
| CVE-2017-9808 | | XSS | 22/05/2019 | 4.3 | Remote | OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). |
| CVE-2017-5864 | | XSS | 22/05/2019 | 4.3 | Remote | Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS). |
| CVE-2019-12250 | 79 | XSS | 21/05/2019 | 4.3 | Remote | IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs LogForErrorContext method |
| CVE-2019-11809 | 79 | XSS | 20/05/2019 | 4.3 | Remote | An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data |
| CVE-2019-10078 | 79 | XSS | 22/05/2019 | 4.3 | Remote | A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3 |
| CVE-2019-10077 | 79 | XSS | 22/05/2019 | 4.3 | Remote | A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3 |
| CVE-2019-10076 | 79 | XSS | 22/05/2019 | 4.3 | Remote | A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3 |
| CVE-2019-8937 | 79 | XSS | 17/05/2019 | 4.3 | Remote | HotelDruid 2.3.0 has XSS affecting the nsextt |
| CVE-2019-8929 | 79 | XSS | 17/05/2019 | 4.3 | Remote | An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype. |
| CVE-2019-8928 | 79 | XSS | 17/05/2019 | 4.3 | Remote | An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth |
| CVE-2019-8927 | 79 | XSS | 17/05/2019 | 4.3 | Remote | An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc |
| CVE-2019-8926 | 79 | XSS | 17/05/2019 | 4.3 | Remote | An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert |
| CVE-2019-5940 | 79 | XSS | 17/05/2019 | 4.3 | Remote | Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Scheduler'. |
| CVE-2019-5939 | 79 | XSS | 17/05/2019 | 4.3 | Remote | Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Portal'. |
| CVE-2019-5938 | 79 | XSS | 17/05/2019 | 4.3 | Remote | Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'. |
| CVE-2019-5929 | 79 | XSS | 17/05/2019 | 4.3 | Remote | Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the application 'Memo'. |
| CVE-2019-5928 | 79 | XSS | 17/05/2019 | 4.3 | Remote | Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the Customize Item function. |
| CVE-2019-11033 | 79 | XSS | 17/05/2019 | 4.3 | Remote | Applaud HCM 4.0.42+ uses HTML tag fields for HTML inputs in a form. This leads to an XSS vulnerability with a payload starting with the <iframe./> substring. |
| CVE-2019-12361 | 79 | XSS CSRF | 28/05/2019 | 4.3 | Remote | EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php |
| CVE-2019-8346 | 79 | XSS CSRF | 29/05/2019 | 4.3 | Remote | In Zoho ManageEngine ADSelfService Plus 5.x through 5704 |
| CVE-2019-0201 | 275 | | 24/05/2019 | 4.3 | Remote | An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper's getACL() command doesn't check any permission when it retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as a plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence |
| CVE-2019-12309 | 22 | Dir. Trav. | 24/05/2019 | 4 | Remote | dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. The vulnerability is caused by the insecure extraction of a ZIP archive. |
| CVE-2016-10755 | 89 | Sql | 29/05/2019 | 4 | Remote | AbanteCart 1.2.8 allows SQL Injection via the source_language parameter to admin/controller/pages/localisation/language.php and core/lib/language_manager.php |
| CVE-2019-4184 | 79 | XSS | 29/05/2019 | 3.5 | Remote | IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158974. |
| CVE-2019-4139 | 79 | XSS | 29/05/2019 | 3.5 | Remote | IBM Cognos Analytics 11.0 |
| CVE-2017-17061 | 79 | XSS | 23/05/2019 | 3.5 | Remote | OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). |
| CVE-2017-13668 | 79 | XSS | 23/05/2019 | 3.5 | Remote | OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). |
| CVE-2017-11560 | 79 | XSS | 24/05/2019 | 3.5 | Remote | An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application |
| CVE-2019-12190 | 79 | XSS | 21/05/2019 | 3.5 | Remote | XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter. |
| CVE-2019-10067 | 79 | XSS | 22/05/2019 | 3.5 | Remote | An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS. |
| CVE-2019-10066 | 79 | XSS | 22/05/2019 | 3.5 | Remote | An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 |
| CVE-2019-5947 | 79 | XSS | 17/05/2019 | 3.5 | Remote | Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Cabinet'. |
| CVE-2019-5937 | 79 | XSS | 17/05/2019 | 3.5 | Remote | Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information. |
| CVE-2019-5932 | 79 | XSS | 17/05/2019 | 3.5 | Remote | Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Portal'. |
| CVE-2019-10909 | 79 | XSS | 20/05/2019 | 3.5 | Remote | In Symfony before 2.7.51 |
| CVE-2019-0979 | 79 | XSS | 20/05/2019 | 3.5 | Remote | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input |
| CVE-2019-0963 | 79 | XSS | 17/05/2019 | 3.5 | Remote | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server |
| CVE-2019-0872 | 79 | XSS | 20/05/2019 | 3.5 | Remote | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input |
| CVE-2018-1975 | 79 | XSS | 21/05/2019 | 3.5 | Remote | IBM Rational DOORS Web Access 9.5.1 through 9.5.2.9 |
| CVE-2019-4039 | 532 | DoS | 23/05/2019 | 2.1 | Local | IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. IBM X-Force ID: 156163. |
| CVE-2019-0864 | 119 | DoS Overflow | 20/05/2019 | 2.1 | Local | A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory |
| CVE-2018-18631 | | XSS | 29/05/2019 | 0 | Not known | mailboxd component in Synacor Zimbra Collaboration Suite 8.6 |
| CVE-2018-14013 | | XSS | 29/05/2019 | 0 | Not known | Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients. |
| CVE-2019-0188 | | | 28/05/2019 | 0 | Not known | Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component |
| CVE-2018-17198 | | | 29/05/2019 | 0 | Not known | Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1 |
| CVE-2019-6513 | | | 21/05/2019 | 0 | Not known | An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload |

Author Waratek

Some of the world's leading companies use Waratek to patch, secure and upgrade their mission-critical web applications using our next-generation technology. Waratek makes it easy for security teams to instantly patch known Java and .NET flaws with no downtime, protect their applications from known and zero-day attacks, and virtually upgrade out-of-support Java applications, all without time-consuming and expensive source code changes or unacceptable performance overhead.
