The ARMR Report – Week of June 24th, 2019

By Waratek | June 27, 2019 | ARMR Reports

AppSec News from the Web

  • Gartner highlights shortcomings in application security at the Gartner Security and Risk Management Summit. Read more >>
  • Huawei products riddled with backdoors, zero days and critical vulnerabilities. Read more >>
  • 1 in 10 OSS components downloaded in 2018 had known vulnerability. Read more >>

Waratek Blogs & Alerts

  • Can Containerization be the Solution to Legacy Java Security Risk? Read more >>

Customer CVE Alert for Week of June 24th, 2019

Below is a list of CVEs that were announced last week which are protected by the Waratek ARMR Platform.

This list is not comprehensive of all of the CVEs issued and only represents application vulnerabilities. For customers that have questions, please contact your account manager or support@waratek.com. If you want more information on any of the CVEs below, please visit the Mitre site here.

Notes:
Dates are dd/mm.
NVD Disclaimer: The date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

| CVE | CWE | Vuln Type | Update Date | CVSS Score | Remotely Exploitable | Detail |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2018-17374 | 89 | Sql | 20/06/2019 | 7.5 | Remote | SQL Injection exists in the Auction Factory 4.5.5 component for Joomla! via the filter_order_Dir or filter_order parameter. |
| CVE-2018-17381 | 89 | Sql | 20/06/2019 | 7.5 | Remote | SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filter_order_Dir or filter_order parameter. |
| CVE-2018-17386 | 89 | Sql | 21/06/2019 | 7.5 | Remote | SQL Injection exists in the Micro Deal Factory 2.4.0 component for Joomla! via the id parameter. |
| CVE-2018-17388 | 89 | Sql | 20/06/2019 | 7.5 | Remote | SQL Injection exists in Twilio WEB To Fax Machine System 1.0 via the email or password parameter to login_check.php. |
| CVE-2018-17393 | 89 | Sql | 20/06/2019 | 7.5 | Remote | SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/Patient/patientdetails.php. |
| CVE-2018-17398 | 89 | Sql | 20/06/2019 | 7.5 | Remote | SQL Injection exists in the AMGallery 1.2.3 component for Joomla! via the filter_category_id parameter. |
| CVE-2018-17399 | 89 | Sql | 20/06/2019 | 7.5 | Remote | SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via the id parameter. |
| CVE-2018-17840 | 89 | Sql | 20/06/2019 | 7.5 | Remote | SQL injection exists in Scriptzee Education Website 1.0 via the college_list.html subject. |
| CVE-2018-17841 | 89 | Sql | 20/06/2019 | 7.5 | Remote | SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the site-search sortBy or sortDir parameter. |
| CVE-2018-17842 | 89 | Sql | 20/06/2019 | 7.5 | Remote | SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels h_room_type parameter. |
| CVE-2018-18757 | 89 | Sql | 20/06/2019 | 7.5 | Remote | Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection. |
| CVE-2018-18758 | 89 | Sql | 20/06/2019 | 7.5 | Remote | Open Faculty Evaluation System 7 for PHP 7 allows submit_feedback.php SQL Injection. |
| CVE-2019-12939 | 89 | Sql | 26/06/2019 | 7.5 | Remote | LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter. |
| CVE-2019-12960 | 89 | Sql | 25/06/2019 | 7.5 | Remote | LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d. |
| CVE-2019-2729 | 284 | | 21/06/2019 | 7.5 | Remote | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 |
| CVE-2018-17387 | 352 | CSRF | 21/06/2019 | 6.8 | Remote | CSRF exists in Nimble Messaging Bulk SMS Marketing Application 1.0 for adding an admin account. |
| CVE-2018-17389 | 352 | CSRF | 20/06/2019 | 6.8 | Remote | CSRF exists in server.php in Live Call Support Application 1.5 for adding an admin account. |
| CVE-2019-10719 | 22 | Exec Code Dir. Trav. | 23/06/2019 | 6.5 | Remote | BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled |
| CVE-2019-10720 | 22 | Exec Code Dir. Trav. | 23/06/2019 | 6.5 | Remote | BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714. |
| CVE-2019-10072 | 400 | | 25/06/2019 | 5 | Remote | The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40. By not sending WINDOW_UPDATE messages for the connection window (stream 0), clients were able to cause server-side threads to block, eventually leading to thread exhaustion and a DoS. |
| CVE-2019-10718 | 611 | | 23/06/2019 | 5 | Remote | BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection. |
| CVE-2019-11392 | 611 | | 23/06/2019 | 5 | Remote | BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd. |
| CVE-2019-12346 | 79 | XSS | 26/06/2019 | 4.3 | Remote | In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress |
| CVE-2019-12384 | 502 | Exec Code | 26/06/2019 | 4.3 | Remote | FasterXML jackson-databind 2.x before 2.9.9 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content |
| CVE-2019-12814 | 200 | Unknown | 23/06/2019 | 4.3 | Remote | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath |
| CVE-2019-12935 | 79 | XSS | 25/06/2019 | 4.3 | Remote | Shopware before 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI. |
| CVE-2019-12962 | 79 | XSS | 25/06/2019 | 4.3 | Remote | LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header. |
| CVE-2019-12963 | 79 | XSS | 25/06/2019 | 4.3 | Remote | LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action. |
| CVE-2019-12964 | 79 | XSS | 25/06/2019 | 4.3 | Remote | LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject. |
| CVE-2019-4157 | 79 | XSS | 26/06/2019 | 4.3 | Remote | IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573. |
| CVE-2017-15694 | 88 | | 24/06/2019 | 4 | Remote | When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode |
| CVE-2018-16251 | 89 | Sql | 21/06/2019 | 4 | Remote | A "search for user discovery" injection issue exists in Creatiwity wityCMS 0.6.2 via the "Utilisateur" menu. No input parameters are filtered |
| CVE-2019-4384 | 22 | Dir. Trav. | 20/06/2019 | 4 | Remote | IBM Campaign 9.1.2 and 10.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162172. |
| CVE-2018-16247 | 79 | XSS | 20/06/2019 | 3.5 | Remote | YzmCMS 5.1 has XSS via the admin/system_manage/user_config_add.html title parameter. |
| CVE-2018-16250 | 79 | XSS | 21/06/2019 | 3.5 | Remote | The "utilisateur" menu in Creatiwity wityCMS 0.6.2 modifies the presence of XSS at two input points for user information |
| CVE-2019-12745 | 79 | XSS | 24/06/2019 | 3.5 | Remote | out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name field. |
| CVE-2019-4303 | 79 | XSS | 19/06/2019 | 3.5 | Remote | IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949. |

Author Waratek

Some of the world’s leading companies use Waratek to patch, secure and upgrade their mission critical web applications using our next generation technology. Waratek makes it easy for security teams to instantly patch known Java and .NET flaws with no downtime, protect their applications from known and Zero Day attacks, and virtually upgrade out-of-support Java applications – all without time consuming and expensive source code changes or unacceptable performance overhead.
