The ARMR Report – Week of June 3rd, 2019

By Waratek | June 7, 2019 (June 10th, 2019) | ARMR Reports

AppSec News from the Web

  • Hotel management company gives the bad guys a roadmap to all of their system problems.
  • A new round of "secure all the S3 buckets" memes makes the rounds.
  • Unpatched servers might prove fertile ground for the still-evolving BlackSquid malware.
  • Third-party collection agency loses 12M consumer records, including PII and credit card data, belonging to Quest Diagnostics patients.
  • ...and then 7M more belonging to LabCorp patients.
  • Tripwire releases its 2019 Vulnerability Management Survey (spoiler alert: patching is still a problem).

Waratek Blogs & Alerts

Customer CVE Alert for Week of June 3rd, 2019

Below is a list of CVEs announced in the last two weeks that are protected by the Waratek ARMR Platform. This list is not comprehensive of all CVEs issued and only covers application vulnerabilities. Customers with questions should contact their account manager or support@waratek.com. For more information on any of the CVEs below, see the MITRE CVE site.

Notes:
Dates are dd/mm/yyyy.
NVD Disclaimer: The date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

| CVE | CWE | Vuln Type | Update Date | CVSS Score | Remotely Exploitable | Detail |
|---|---|---|---|---|---|---|
| CVE-2018-8029 | 264 | | 04/06/2019 | 9 | Remote | In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0 |
| CVE-2019-10123 | 89 | Exec Code, SQL | 03/06/2019 | 7.5 | Remote | SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which is the backend for the AIS logistics mobile app) allows an anonymous attacker to execute arbitrary code in the context of the user of the MSSQL database. The default user for the database is the 'sa' user. |
| CVE-2019-9874 | 502 | Exec Code, CSRF | 03/06/2019 | 7.5 | Remote | Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN. |
| CVE-2019-10328 | 693 | Bypass | 03/06/2019 | 6.5 | Remote | Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods |
| CVE-2019-9875 | 502 | Exec Code, CSRF | 03/06/2019 | 6.5 | Remote | Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter. |
| CVE-2019-10327 | 611 | | 03/06/2019 | 5.5 | Remote | An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for extraction of secrets from the Jenkins master |
| CVE-2019-9723 | 22 | Dir. Trav. | 31/05/2019 | 5.5 | Remote | LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vulnerability that allows reading arbitrary files and the creation of directories |
| CVE-2019-10330 | 284 | | 03/06/2019 | 5 | Remote | Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions |
| CVE-2019-12593 | 22 | Dir. Trav., File Inclusion | 04/06/2019 | 5 | Remote | IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. |
| CVE-2019-3802 | 200 | | 03/06/2019 | 5 | Remote | This affects Spring Data JPA in versions up to and including 2.1.6 |
| CVE-2015-2230 | 79 | XSS | 31/05/2019 | 4.3 | Remote | Synacor Zimbra Collaboration Server 8.x before 8.7.0 has Reflected XSS in admin console. |
| CVE-2015-7609 | 79 | XSS | 31/05/2019 | 4.3 | Remote | Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra. |
| CVE-2018-14425 | 79 | XSS | 31/05/2019 | 4.3 | Remote | There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1. |
| CVE-2019-10321 | 352 | CSRF | 05/06/2019 | 4.3 | Remote | A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method |
| CVE-2019-10324 | 352 | CSRF | 03/06/2019 | 4.3 | Remote | A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit |
| CVE-2019-10326 | 352 | CSRF | 03/06/2019 | 4.3 | Remote | A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attackers to reset warning counts for future builds. |
| CVE-2019-12308 | 79 | XSS | 05/06/2019 | 4.3 | Remote | An issue was discovered in Django 1.11 before 1.11.21 |
| CVE-2019-12507 | 79 | XSS | 31/05/2019 | 4.3 | Remote | An XSS vulnerability exists in PHPRelativePath (aka Relative Path) through 1.0.2 via the RelativePath.Example1.php path parameter. |
| CVE-2019-9838 | 79 | XSS | 04/06/2019 | 4.3 | Remote | VFront 0.99.5 has stored XSS via the admin/sync_reg_tab.php azzera parameter |
| CVE-2019-9839 | 79 | XSS | 04/06/2019 | 4.3 | Remote | VFront 0.99.5 has Reflected XSS via the admin/menu_registri.php descrizione_g parameter or the admin/sync_reg_tab.php azzera parameter. |
| CVE-2019-10322 | 275 | | 04/06/2019 | 4 | Remote | A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method |
| CVE-2019-10323 | 275 | | 04/06/2019 | 4 | Remote | A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. |
| CVE-2019-10329 | 255 | | 03/06/2019 | 4 | Remote | Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| CVE-2018-10948 | 79 | XSS | 31/05/2019 | 3.5 | Remote | Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mail addrs. |
| CVE-2019-10325 | 79 | XSS | 03/06/2019 | 3.5 | Remote | A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attacker with Job/Configure permission to inject arbitrary JavaScript in build overview pages. |
| CVE-2019-12566 | 79 | XSS | 03/06/2019 | 3.5 | Remote | The WP Statistics plugin through 12.6.5 for WordPress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that contains JavaScript |
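The two path traversal entries in the table (CVE-2019-9723 in LogicalDOC, and CVE-2019-12593 in IceWarp, which is triggered with a `..%5c` encoded backslash in a `style=` parameter) share one root cause: a user-supplied path is joined onto a base directory without being canonicalised first. The following is an added example written for this report; it is not code from Waratek or from either affected product. It shows the check a file-serving handler should make, generalised beyond the single payload in the advisory to cover plain, percent-encoded, double-encoded and backslash-separated traversal. The function names (`decode_fully`, `safe_join`, `classify_requests`), the throwaway web root and the sample requests are constructed for the illustration.

```python
"""Hardened path resolution for a handler that serves files from a fixed
directory. Example code added to this report; the traversal shapes tested
are the ones a practitioner sees in the wild (dot-dot segments, backslash
separators, single and double percent-encoding, NUL bytes)."""
import os
import tempfile
from urllib.parse import unquote


class TraversalError(ValueError):
    """Raised when a requested path would escape the base directory."""


def decode_fully(raw: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing, so a double-encoded
    payload such as ..%252f is seen as ../ before any path check runs.
    The loop is bounded: an input still changing after max_rounds is rejected
    rather than decoded forever."""
    current = raw
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            return decoded
        current = decoded
    raise TraversalError("too many encoding layers in %r" % raw)


def safe_join(base_dir: str, user_path: str) -> str:
    """Return the absolute, canonical path for user_path under base_dir, or
    raise TraversalError. The decision is made on the realpath form, so
    symlinks and '..' are resolved before the prefix comparison; a leading
    '/' is stripped so an absolute request is re-rooted under base_dir
    instead of replacing it (os.path.join would otherwise discard base_dir)."""
    decoded = decode_fully(user_path)
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    # Treat backslashes as separators even on POSIX: the IceWarp payload is
    # ..%5c, and many servers accept either separator.
    normalised = decoded.replace("\\", "/").lstrip("/")
    base_real = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_real, normalised))
    # Strict child check: candidate must be inside base_real, not equal to it
    # and not merely sharing a string prefix (hence the trailing separator).
    if not candidate.startswith(base_real + os.sep):
        raise TraversalError("path %r escapes %r" % (user_path, base_dir))
    return candidate


def classify_requests() -> dict:
    """Create a throwaway web root with one public file, then run a set of
    constructed requests through safe_join. Returns request -> 'inside' or
    'rejected' so the outcome can be checked programmatically."""
    base = tempfile.mkdtemp(prefix="webroot-")
    with open(os.path.join(base, "style.css"), "w", encoding="utf-8") as fh:
        fh.write("body { color: #000 }\n")
    requests = [
        "style.css",                  # legitimate request
        "..%5c..%5cetc/passwd",       # encoded-backslash traversal (IceWarp shape)
        "../../etc/passwd",           # plain traversal
        "..%252f..%252fetc/passwd",   # double-encoded traversal
        "style.css%00.png",           # NUL-byte extension trick
        "sub/../style.css",           # dot-dot that never leaves the root
        "/etc/passwd",                # absolute path, re-rooted under base
    ]
    results = {}
    for req in requests:
        try:
            safe_join(base, req)
            results[req] = "inside"
        except TraversalError:
            results[req] = "rejected"
    return results


if __name__ == "__main__":
    for request, verdict in classify_requests().items():
        print("%-28s %s" % (request, verdict))
```

Note that `/etc/passwd` is reported as `inside`: after the leading slash is stripped it resolves to `<webroot>/etc/passwd`, which does not exist but is a legitimate location under the root, so the handler's normal 404 path deals with it. The rejection happens on the canonical path rather than on a blacklist of `..` patterns, which is what makes the check hold for encodings the author of a pattern list never thought of.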

Author Waratek

Some of the world’s leading companies use Waratek to patch, secure and upgrade their mission critical web applications using our next generation technology. Waratek makes it easy for security teams to instantly patch known Java and .NET flaws with no downtime, protect their applications from known and Zero Day attacks, and virtually upgrade out-of-support Java applications – all without time consuming and expensive source code changes or unacceptable performance overhead.
