The ARMR Report – Week of June 17th, 2019

By Waratek · June 20, 2019 · June 24th, 2019 · ARMR Reports

AppSec News from the Web

  • Oracle patches WebLogic ... again, and says urgently patch now ... again. Read more >>
  • Cisco releases security updates for multiple products. Read more >>
  • SDTimes takes a look at the top roadblocks to securing web applications. Read more >>
  • AMCA pays the price of a data breach, filing for Chapter 11. Read more >>

Waratek Blogs & Alerts

  • Waratek updates the WebLogic customer alert ... again. Read more >>
  • Waratek's Dr. John Holt on the recent Georgia Tech breach and the risks in higher education. Read more >>
  • The Digital Enterprise interviews Waratek CEO John Adams. Read more >>
  • BBB National Programs podcast with Waratek CTO John Matthew Holt looks at the ABCs of cyber security. Listen here >>

Customer CVE Alert for Week of June 17th, 2019

Below is a list of CVEs announced last week that are protected by the Waratek ARMR Platform.

This includes 3 ColdFusion vulnerabilities that could allow attackers to fully compromise servers.

This list is not comprehensive of all CVEs issued and covers only application vulnerabilities. Customers with questions should contact their account manager or support@waratek.com. For more information on any of the CVEs below, visit the MITRE CVE site.

Notes:
Dates are dd/mm.
NVD Disclaimer: The date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

CVE | CWE | Vuln Type | Update Date | CVSS Score | Remotely Exploitable | Detail
--- | --- | --- | --- | --- | --- | ---
CVE-2019-7838 | 434 | Exec Code Bypass | 13/06/2019 | 10 | Remote | ColdFusion versions Update 3 and earlier
CVE-2019-7839 | 77 | Exec Code | 14/06/2019 | 10 | Remote | ColdFusion versions Update 3 and earlier
CVE-2019-7840 | 502 | Exec Code | 14/06/2019 | 10 | Remote | ColdFusion versions Update 3 and earlier
CVE-2018-11800 | 89 | Exec Code Sql | 11/06/2019 | 7.5 | Remote | SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table.
CVE-2018-11801 | 89 | Exec Code Sql | 11/06/2019 | 7.5 | Remote | SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_center data related table.
CVE-2019-10338 | 352 | CSRF | 13/06/2019 | 6.8 | Remote | A cross-site request forgery vulnerability in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed attackers to have Jenkins connect to an attacker-specified Kubernetes server
CVE-2019-4142 | 352 | CSRF | 18/06/2019 | 6.8 | Remote | IBM Cloud Private 2.1.0
CVE-2019-12872 | 89 | Sql | 18/06/2019 | 6.5 | Remote | dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp.
CVE-2019-10334 | 295 | | 13/06/2019 | 5.8 | Remote | Jenkins ElectricFlow Plugin 1.1.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM when MultipartUtility.java is used to upload files.
CVE-2019-10337 | 611 | | 13/06/2019 | 5 | Remote | An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control the content of the input file for the "XML" macro to have Jenkins resolve external entities
CVE-2018-18886 | 79 | XSS | 18/06/2019 | 4.3 | Remote | Helpy v2.1.0 has Stored XSS via the Ticket title.
CVE-2019-0303 | 79 | Exec Code XSS | 18/06/2019 | 4.3 | Remote | SAP BusinessObjects Business Intelligence Platform (Administration Console)
CVE-2019-0311 | 79 | Exec Code XSS | 14/06/2019 | 4.3 | Remote | Automotive Dealer Portal in SAP R/3 Enterprise Application (versions: 600
CVE-2019-10085 | 79 | XSS | 19/06/2019 | 4.3 | Remote | In Apache Allura prior to 1.11.0
CVE-2019-10331 | 352 | CSRF | 13/06/2019 | 4.3 | Remote | A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed attackers to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2019-10332 | 275 | | 13/06/2019 | 4.3 | Remote | A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2019-10336 | 79 | XSS | 13/06/2019 | 4.3 | Remote | A reflected cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.6 and earlier allowed attackers able to control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in job configuration forms containing post-build steps provided by this plugin.
CVE-2019-12766 | 79 | XSS | 12/06/2019 | 4.3 | Remote | An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors.
CVE-2019-12823 | 79 | XSS | 18/06/2019 | 4.3 | Remote | Craft CMS 3.1.30 has XSS.
CVE-2019-6965 | 79 | XSS | 18/06/2019 | 4.3 | Remote | An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/qr/qr.php url parameter.
CVE-2019-10333 | 200 | Not known | 13/06/2019 | 4 | Remote | Missing permission checks in Jenkins ElectricFlow Plugin 1.1.5 and earlier in various HTTP endpoints allowed users with Overall/Read access to obtain information about the Jenkins ElectricFlow Plugin configuration and configuration of connected ElectricFlow instances.
CVE-2019-10339 | 255 | | 13/06/2019 | 4 | Remote | A missing permission check in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed users with Overall/Read access to have Jenkins connect to an attacker-specified Kubernetes server
CVE-2018-19146 | 79 | XSS | 19/06/2019 | 3.5 | Remote | Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML data with a SCRIPT element.
CVE-2019-0308 | 94 | Exec Code | 12/06/2019 | 3.5 | Remote | An authenticated attacker in SAP E-Commerce (Business-to-Consumer application)
CVE-2019-0316 | 79 | XSS | 19/06/2019 | 3.5 | Remote | SAP NetWeaver Process Integration
CVE-2019-1031 | 79 | XSS | 13/06/2019 | 3.5 | Remote | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server
CVE-2019-1032 | 79 | XSS | 13/06/2019 | 3.5 | Remote | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server
CVE-2019-1033 | 79 | XSS | 13/06/2019 | 3.5 | Remote | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server
CVE-2019-10335 | 79 | XSS | 13/06/2019 | 3.5 | Remote | A stored cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier allowed attackers able to configure jobs in Jenkins or control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in the plugin-provided output on build status pages.
CVE-2019-1036 | 79 | XSS | 13/06/2019 | 3.5 | Remote | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server
CVE-2019-4136 | 79 | XSS | 18/06/2019 | 3.5 | Remote | IBM Cognos Controller 10.2.0
CVE-2019-4403 | 79 | XSS | 17/06/2019 | 3.5 | Remote | IBM Connections 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162264.
Author: Waratek

Some of the world's leading companies use Waratek to patch, secure and upgrade their mission-critical web applications using our next-generation technology. Waratek makes it easy for security teams to instantly patch known Java and .NET flaws with no downtime, protect their applications from known and zero-day attacks, and virtually upgrade out-of-support Java applications, all without time-consuming and expensive source code changes or unacceptable performance overhead.
