The ARMR Report – Week of June 3rd, 2019

By June 7, 2019 June 10th, 2019 ARMR Reports

AppSec News from the Web

  • Hotel management company gives the bad guys a roadmap to all of their system problems.
  • A new round of the “Secure all the S3” meme makes the rounds.
  • Unpatched servers might prove fertile ground for the still-evolving BlackSquid malware.
  • Third-party collection agency loses 12M consumer records – including PII and credit cards – from Quest Diagnostics patients.
  • …And then 7M more from LabCorp patients.
  • Tripwire releases its 2019 Vulnerability Management Survey (spoiler alert: patching is still a problem).

Waratek Blogs & Alerts

Customer CVE Alert for Week of June 3rd, 2019

Below is a list of CVEs announced in the last two weeks that are protected by the Waratek ARMR Platform. This list is not comprehensive of all CVEs issued and only represents application vulnerabilities. Customers with questions should contact their account manager or support@waratek.com. For more information on any of the CVEs below, please visit the Mitre site.

Notes:
Dates are dd/mm.
NVD Disclaimer: The date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

| CVE | CWE | Vuln Type | Update Date | CVSS Score | Remotely Exploitable | Detail |
| CVE-2018-8029 | 264 | | 04/06/2019 | 9 | Remote | In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0 |
| CVE-2019-10123 | 89 | Exec Code Sql | 03/06/2019 | 7.5 | Remote | SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which is the backend for the AIS logistics mobile app) allows an anonymous attacker to execute arbitrary code in the context of the user of the MSSQL database. The default user for the database is the 'sa' user. |
| CVE-2019-9874 | 502 | Exec Code CSRF | 03/06/2019 | 7.5 | Remote | Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN. |
| CVE-2019-10328 | 693 | Bypass | 03/06/2019 | 6.5 | Remote | Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods |
| CVE-2019-9875 | 502 | Exec Code CSRF | 03/06/2019 | 6.5 | Remote | Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter. |
| CVE-2019-10327 | 611 | | 03/06/2019 | 5.5 | Remote | An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for extraction of secrets from the Jenkins master |
| CVE-2019-9723 | 22 | Dir. Trav. | 31/05/2019 | 5.5 | Remote | LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vulnerability that allows reading arbitrary files and the creation of directories |
| CVE-2019-10330 | 284 | | 03/06/2019 | 5 | Remote | Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions |
| CVE-2019-12593 | 22 | Dir. Trav. File Inclusion | 04/06/2019 | 5 | Remote | IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. |
| CVE-2019-3802 | 200 | | 03/06/2019 | 5 | Remote | This affects Spring Data JPA in versions up to and including 2.1.6 |
| CVE-2015-2230 | 79 | XSS | 31/05/2019 | 4.3 | Remote | Synacor Zimbra Collaboration Server 8.x before 8.7.0 has Reflected XSS in admin console. |
| CVE-2015-7609 | 79 | XSS | 31/05/2019 | 4.3 | Remote | Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra. |
| CVE-2018-14425 | 79 | XSS | 31/05/2019 | 4.3 | Remote | There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1. |
| CVE-2019-10321 | 352 | CSRF | 05/06/2019 | 4.3 | Remote | A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method |
| CVE-2019-10324 | 352 | CSRF | 03/06/2019 | 4.3 | Remote | A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit |
| CVE-2019-10326 | 352 | CSRF | 03/06/2019 | 4.3 | Remote | A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attackers to reset warning counts for future builds. |
| CVE-2019-12308 | 79 | XSS | 05/06/2019 | 4.3 | Remote | An issue was discovered in Django 1.11 before 1.11.21 |
| CVE-2019-12507 | 79 | XSS | 31/05/2019 | 4.3 | Remote | An XSS vulnerability exists in PHPRelativePath (aka Relative Path) through 1.0.2 via the RelativePath.Example1.php path parameter. |
| CVE-2019-9838 | 79 | XSS | 04/06/2019 | 4.3 | Remote | VFront 0.99.5 has stored XSS via the admin/sync_reg_tab.php azzera parameter |
| CVE-2019-9839 | 79 | XSS | 04/06/2019 | 4.3 | Remote | VFront 0.99.5 has Reflected XSS via the admin/menu_registri.php descrizione_g parameter or the admin/sync_reg_tab.php azzera parameter. |
| CVE-2019-10322 | 275 | | 04/06/2019 | 4 | Remote | A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method |
| CVE-2019-10323 | 275 | | 04/06/2019 | 4 | Remote | A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. |
| CVE-2019-10329 | 255 | | 03/06/2019 | 4 | Remote | Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| CVE-2018-10948 | 79 | XSS | 31/05/2019 | 3.5 | Remote | Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mail addrs. |
| CVE-2019-10325 | 79 | XSS | 03/06/2019 | 3.5 | Remote | A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attackers with Job/Configure permission to inject arbitrary JavaScript in build overview pages. |
| CVE-2019-12566 | 79 | XSS | 03/06/2019 | 3.5 | Remote | The WP Statistics plugin through 12.6.5 for WordPress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that contains JavaScript |

Author Waratek

Some of the world’s leading companies use Waratek to patch, secure and upgrade their mission critical web applications using our next generation technology. Waratek makes it easy for security teams to instantly patch known Java and .NET flaws with no downtime, protect their applications from known and Zero Day attacks, and virtually upgrade out-of-support Java applications – all without time consuming and expensive source code changes or unacceptable performance overhead.
