The ARMR Report – Week of June 17th, 2019

By Waratek | June 20, 2019 | June 24th, 2019 | ARMR Reports

AppSec News from the Web

  • Oracle patches WebLogic ... again, and says "patch now, urgently" ... again.
  • Cisco releases security updates for multiple products.
  • SD Times looks at the top roadblocks to securing web applications.
  • AMCA pays the price of a data breach, filing for Chapter 11.

Waratek Blogs & Alerts

  • Waratek updates the WebLogic customer alert ... again.
  • Waratek's Dr. John Holt on the recent Georgia Tech breach and the risks in higher education.
  • The Digital Enterprise interviews Waratek CEO John Adams.
  • BBB National Programs podcast with Waratek CTO John Matthew Holt looks at the ABCs of cyber security.

Customer CVE Alert for Week of June 17th, 2019

Below is a list of CVEs announced last week that are protected by the Waratek ARMR Platform.

It includes three ColdFusion vulnerabilities (unrestricted file upload, CWE-434; command injection, CWE-77; deserialization of untrusted data, CWE-502), each rated CVSS 10 and any of which could allow an attacker to fully compromise the server.

This list does not cover every CVE issued last week; it covers only application-layer vulnerabilities. Customers with questions should contact their account manager or support@waratek.com. For more information on any of the CVEs below, visit the MITRE CVE site.

Notes:
Dates are dd/mm/yyyy.
NVD disclaimer: the date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when the vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

| CVE | CWE | Vuln Type | Update Date | CVSS Score | Remotely Exploitable | Detail |
|---|---|---|---|---|---|---|
| CVE-2019-7838 | 434 | Exec Code Bypass | 13/06/2019 | 10 | Remote | ColdFusion versions Update 3 and earlier |
| CVE-2019-7839 | 77 | Exec Code | 14/06/2019 | 10 | Remote | ColdFusion versions Update 3 and earlier |
| CVE-2019-7840 | 502 | Exec Code | 14/06/2019 | 10 | Remote | ColdFusion versions Update 3 and earlier |
| CVE-2018-11800 | 89 | Exec Code Sql | 11/06/2019 | 7.5 | Remote | SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table. |
| CVE-2018-11801 | 89 | Exec Code Sql | 11/06/2019 | 7.5 | Remote | SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_center data related table. |
| CVE-2019-10338 | 352 | CSRF | 13/06/2019 | 6.8 | Remote | A cross-site request forgery vulnerability in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed attackers to have Jenkins connect to an attacker-specified Kubernetes server. |
| CVE-2019-4142 | 352 | CSRF | 18/06/2019 | 6.8 | Remote | IBM Cloud Private 2.1.0 |
| CVE-2019-12872 | 89 | Sql | 18/06/2019 | 6.5 | Remote | dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp. |
| CVE-2019-10334 | 295 | | 13/06/2019 | 5.8 | Remote | Jenkins ElectricFlow Plugin 1.1.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM when MultipartUtility.java is used to upload files. |
| CVE-2019-10337 | 611 | | 13/06/2019 | 5 | Remote | An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control the content of the input file for the "XML" macro to have Jenkins resolve external entities. |
| CVE-2018-18886 | 79 | XSS | 18/06/2019 | 4.3 | Remote | Helpy v2.1.0 has Stored XSS via the Ticket title. |
| CVE-2019-0303 | 79 | Exec Code XSS | 18/06/2019 | 4.3 | Remote | SAP BusinessObjects Business Intelligence Platform (Administration Console) |
| CVE-2019-0311 | 79 | Exec Code XSS | 14/06/2019 | 4.3 | Remote | Automotive Dealer Portal in SAP R/3 Enterprise Application (versions: 600 |
| CVE-2019-10085 | 79 | XSS | 19/06/2019 | 4.3 | Remote | In Apache Allura prior to 1.11.0 |
| CVE-2019-10331 | 352 | CSRF | 13/06/2019 | 4.3 | Remote | A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed attackers to connect to an attacker-specified URL using attacker-specified credentials. |
| CVE-2019-10332 | 275 | | 13/06/2019 | 4.3 | Remote | A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials. |
| CVE-2019-10336 | 79 | XSS | 13/06/2019 | 4.3 | Remote | A reflected cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.6 and earlier allowed attackers able to control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in job configuration forms containing post-build steps provided by this plugin. |
| CVE-2019-12766 | 79 | XSS | 12/06/2019 | 4.3 | Remote | An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors. |
| CVE-2019-12823 | 79 | XSS | 18/06/2019 | 4.3 | Remote | Craft CMS 3.1.30 has XSS. |
| CVE-2019-6965 | 79 | XSS | 18/06/2019 | 4.3 | Remote | An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/qr/qr.php url parameter. |
| CVE-2019-10333 | 200 | Not known | 13/06/2019 | 4 | Remote | Missing permission checks in Jenkins ElectricFlow Plugin 1.1.5 and earlier in various HTTP endpoints allowed users with Overall/Read access to obtain information about the Jenkins ElectricFlow Plugin configuration and configuration of connected ElectricFlow instances. |
| CVE-2019-10339 | 255 | | 13/06/2019 | 4 | Remote | A missing permission check in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed users with Overall/Read access to have Jenkins connect to an attacker-specified Kubernetes server. |
| CVE-2018-19146 | 79 | XSS | 19/06/2019 | 3.5 | Remote | Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML data with a SCRIPT element. |
| CVE-2019-0308 | 94 | Exec Code | 12/06/2019 | 3.5 | Remote | An authenticated attacker in SAP E-Commerce (Business-to-Consumer application) |
| CVE-2019-0316 | 79 | XSS | 19/06/2019 | 3.5 | Remote | SAP NetWeaver Process Integration |
| CVE-2019-1031 | 79 | XSS | 13/06/2019 | 3.5 | Remote | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. |
| CVE-2019-1032 | 79 | XSS | 13/06/2019 | 3.5 | Remote | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. |
| CVE-2019-1033 | 79 | XSS | 13/06/2019 | 3.5 | Remote | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. |
| CVE-2019-10335 | 79 | XSS | 13/06/2019 | 3.5 | Remote | A stored cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier allowed attackers able to configure jobs in Jenkins or control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in the plugin-provided output on build status pages. |
| CVE-2019-1036 | 79 | XSS | 13/06/2019 | 3.5 | Remote | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. |
| CVE-2019-4136 | 79 | XSS | 18/06/2019 | 3.5 | Remote | IBM Cognos Controller 10.2.0 |
| CVE-2019-4403 | 79 | XSS | 17/06/2019 | 3.5 | Remote | IBM Connections 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162264. |
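Two entries in the table share a root cause worth seeing in code: the CWE-434 upload bypass in ColdFusion (CVE-2019-7838) and the stored XSS via uploaded SVG in Concrete5 (CVE-2018-19146). Upload filters built as a blacklist of "bad" extensions are exactly what CWE-434 bypasses get around, and treating anything with an image extension as inert ignores that SVG is XML that can carry script. The Python below is an added example written for this report, not Waratek's code and not any listed vendor's fix; the filename pattern, the size limit and the sample uploads are constructed for illustration. It allowlists the whole filename, checks the leading bytes of raster formats, and rejects SVG that contains script or foreign-content elements, event-handler attributes, non-fragment hrefs, or DOCTYPE/ENTITY declarations.

```python
"""Image-upload validation: filename allowlist, magic-byte check, and an
SVG active-content scan.  Added example; not Waratek's or any vendor's code."""
import re
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional, Tuple

# Allowlist for the WHOLE filename: one base name, one permitted extension.
# This is the opposite of an extension blacklist (the CWE-434 pattern); it also
# rejects path separators, double extensions, NUL bytes and trailing dots.
ALLOWED_NAME = re.compile(
    r"^[A-Za-z0-9][A-Za-z0-9_-]{0,99}\.(png|jpe?g|gif|svg)$", re.IGNORECASE
)

# Leading bytes of each raster format; SVG is text, so it gets a content scan instead.
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}

# Elements that can execute or embed active content inside an SVG.
DANGEROUS_ELEMENTS = {"script", "foreignobject", "style", "iframe", "embed", "object"}
MAX_SVG_BYTES = 1 << 20  # constructed limit for this example


def validate_filename(name: str) -> Optional[str]:
    """Return the lowercase extension when the whole filename matches the allowlist, else None."""
    m = ALLOWED_NAME.match(name)
    return m.group(1).lower() if m else None


def _local(qname: str) -> str:
    """Strip an ElementTree '{namespace}' prefix and lowercase the local name."""
    return qname.rsplit("}", 1)[-1].lower()


def svg_problems(data: bytes) -> List[str]:
    """Return reasons to reject an SVG document (an empty list means it passed)."""
    if len(data) > MAX_SVG_BYTES:
        return ["SVG larger than %d bytes" % MAX_SVG_BYTES]
    # Refuse DOCTYPE/ENTITY (entity expansion, XXE) and stylesheet PIs before
    # parsing at all; xml.etree drops PIs silently, so check the raw bytes.
    if re.search(rb"<!(DOCTYPE|ENTITY)|<\?xml-stylesheet", data, re.IGNORECASE):
        return ["DOCTYPE, ENTITY or xml-stylesheet declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    problems: List[str] = []
    if _local(root.tag) != "svg":
        problems.append("root element is <%s>, not <svg>" % _local(root.tag))
    for el in root.iter():
        tag = _local(el.tag)
        if tag in DANGEROUS_ELEMENTS:
            problems.append("<%s> element" % tag)
        for attr, value in el.attrib.items():
            a = _local(attr)  # covers both href and xlink:href
            if a.startswith("on"):
                problems.append("event handler %s on <%s>" % (a, tag))
            elif a == "href" and not value.strip().startswith("#"):
                # Only same-document fragment links; blocks javascript:, data: and remote URLs.
                problems.append("non-fragment href %r on <%s>" % (value, tag))
    return problems


def check_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Decide whether an upload is accepted; returns (accepted, reason)."""
    ext = validate_filename(filename)
    if ext is None:
        return False, "filename rejected by allowlist"
    if ext == "svg":
        problems = svg_problems(data)
        return (not problems, "; ".join(problems) or "ok")
    if not data.startswith(MAGIC[ext]):
        return False, "content does not start with the %s signature" % ext
    return True, "ok"


# Constructed sample uploads for this example (not files from any real incident).
SAMPLES: Dict[str, bytes] = {
    "shell.jsp": b"<% Runtime.getRuntime(); %>",
    "logo.png.jsp": b"\x89PNG\r\n\x1a\n",
    "photo.PNG": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "fake.gif": b"<?php system($_GET['c']); ?>",
    "clean.svg": b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="1"/></svg>',
    "xss.svg": b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)">'
               b'<script>alert(document.cookie)</script></svg>',
    "href.svg": b'<svg xmlns="http://www.w3.org/2000/svg" '
                b'xmlns:xlink="http://www.w3.org/1999/xlink">'
                b'<a xlink:href="javascript:alert(1)"><text>x</text></a></svg>',
}


def run_samples() -> Dict[str, bool]:
    """Map each sample filename to whether check_upload accepted it."""
    return {name: check_upload(name, data)[0] for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print("%-14s %s" % (name, check_upload(name, data)))
```

Only photo.PNG and clean.svg pass; the executable, double-extension, wrong-signature and scripted-SVG samples are all refused. Two caveats for anything beyond an illustration: the standard-library XML parser is used here only after DOCTYPE and ENTITY declarations have been refused, and a hardened parser such as defusedxml is the safer choice in production; and content validation is a second line, not a first one, so store uploads outside the web root and serve user-supplied SVG from a separate origin or with a Content-Security-Policy that forbids script.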

Author Waratek

Some of the world’s leading companies use Waratek to patch, secure and upgrade their mission critical web applications using our next generation technology. Waratek makes it easy for security teams to instantly patch known Java and .NET flaws with no downtime, protect their applications from known and Zero Day attacks, and virtually upgrade out-of-support Java applications – all without time consuming and expensive source code changes or unacceptable performance overhead.
