The ARMR Report – Week of June 24th, 2019

By Waratek | June 27, 2019 | ARMR Reports

AppSec News from the Web

  • Gartner highlights shortcomings in application security at the Gartner Security and Risk Management Summit.
  • Huawei products riddled with backdoors, zero days and critical vulnerabilities.
  • 1 in 10 OSS components downloaded in 2018 had a known vulnerability.

Waratek Blogs & Alerts

  • Can Containerization be the Solution to Legacy Java Security Risk?

Customer CVE Alert for Week of June 24th, 2019

Below is a list of CVEs announced last week that are protected by the Waratek ARMR Platform.

This list is not a comprehensive list of all CVEs issued; it covers application vulnerabilities only. Customers with questions should contact their account manager or support@waratek.com. For more information on any of the CVEs below, see the MITRE CVE site.

Notes:
Dates are dd/mm.
NVD Disclaimer: The date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

CVE | CWE | Vuln Type | Update Date | CVSS Score | Remotely Exploitable | Detail
CVE-2018-17374 | 89 | SQL | 20/06/2019 | 7.5 | Remote | SQL Injection exists in the Auction Factory 4.5.5 component for Joomla! via the filter_order_Dir or filter_order parameter.
CVE-2018-17381 | 89 | SQL | 20/06/2019 | 7.5 | Remote | SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filter_order_Dir or filter_order parameter.
CVE-2018-17386 | 89 | SQL | 21/06/2019 | 7.5 | Remote | SQL Injection exists in the Micro Deal Factory 2.4.0 component for Joomla! via the id parameter.
CVE-2018-17388 | 89 | SQL | 20/06/2019 | 7.5 | Remote | SQL Injection exists in Twilio WEB To Fax Machine System 1.0 via the email or password parameter to login_check.php.
CVE-2018-17393 | 89 | SQL | 20/06/2019 | 7.5 | Remote | SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/Patient/patientdetails.php.
CVE-2018-17398 | 89 | SQL | 20/06/2019 | 7.5 | Remote | SQL Injection exists in the AMGallery 1.2.3 component for Joomla! via the filter_category_id parameter.
CVE-2018-17399 | 89 | SQL | 20/06/2019 | 7.5 | Remote | SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via the id parameter.
CVE-2018-17840 | 89 | SQL | 20/06/2019 | 7.5 | Remote | SQL injection exists in Scriptzee Education Website 1.0 via the college_list.html subject
CVE-2018-17841 | 89 | SQL | 20/06/2019 | 7.5 | Remote | SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the site-search sortBy or sortDir parameter.
CVE-2018-17842 | 89 | SQL | 20/06/2019 | 7.5 | Remote | SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels h_room_type parameter.
CVE-2018-18757 | 89 | SQL | 20/06/2019 | 7.5 | Remote | Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection.
CVE-2018-18758 | 89 | SQL | 20/06/2019 | 7.5 | Remote | Open Faculty Evaluation System 7 for PHP 7 allows submit_feedback.php SQL Injection.
CVE-2019-12939 | 89 | SQL | 26/06/2019 | 7.5 | Remote | LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter.
CVE-2019-12960 | 89 | SQL | 25/06/2019 | 7.5 | Remote | LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d.
CVE-2019-2729 | 284 | | 21/06/2019 | 7.5 | Remote | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0
CVE-2018-17387 | 352 | CSRF | 21/06/2019 | 6.8 | Remote | CSRF exists in Nimble Messaging Bulk SMS Marketing Application 1.0 for adding an admin account.
CVE-2018-17389 | 352 | CSRF | 20/06/2019 | 6.8 | Remote | CSRF exists in server.php in Live Call Support Application 1.5 for adding an admin account.
CVE-2019-10719 | 22 | Exec Code Dir. Trav. | 23/06/2019 | 6.5 | Remote | BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled
CVE-2019-10720 | 22 | Exec Code Dir. Trav. | 23/06/2019 | 6.5 | Remote | BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714.
CVE-2019-10072 | 400 | | 25/06/2019 | 5 | Remote | The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40. By not sending WINDOW_UPDATE messages for the connection window (stream 0), clients were able to cause server-side threads to block, eventually leading to thread exhaustion and a DoS.
CVE-2019-10718 | 611 | | 23/06/2019 | 5 | Remote | BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection.
CVE-2019-11392 | 611 | | 23/06/2019 | 5 | Remote | BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd.
CVE-2019-12346 | 79 | XSS | 26/06/2019 | 4.3 | Remote | In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress
CVE-2019-12384 | 502 | Exec Code | 26/06/2019 | 4.3 | Remote | FasterXML jackson-databind 2.x before 2.9.9 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content
CVE-2019-12814 | 200 | Unknown | 23/06/2019 | 4.3 | Remote | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath
CVE-2019-12935 | 79 | XSS | 25/06/2019 | 4.3 | Remote | Shopware before 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI.
CVE-2019-12962 | 79 | XSS | 25/06/2019 | 4.3 | Remote | LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header.
CVE-2019-12963 | 79 | XSS | 25/06/2019 | 4.3 | Remote | LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action.
CVE-2019-12964 | 79 | XSS | 25/06/2019 | 4.3 | Remote | LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject.
CVE-2019-4157 | 79 | XSS | 26/06/2019 | 4.3 | Remote | IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573.
CVE-2017-15694 | 88 | | 24/06/2019 | 4 | Remote | When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode
CVE-2018-16251 | 89 | SQL | 21/06/2019 | 4 | Remote | A "search for user discovery" injection issue exists in Creatiwity wityCMS 0.6.2 via the "Utilisateur" menu. No input parameters are filtered
CVE-2019-4384 | 22 | Dir. Trav. | 20/06/2019 | 4 | Remote | IBM Campaign 9.1.2 and 10.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162172.
CVE-2018-16247 | 79 | XSS | 20/06/2019 | 3.5 | Remote | YzmCMS 5.1 has XSS via the admin/system_manage/user_config_add.html title parameter.
CVE-2018-16250 | 79 | XSS | 21/06/2019 | 3.5 | Remote | The "utilisateur" menu in Creatiwity wityCMS 0.6.2 modifies the presence of XSS at two input points for user information
CVE-2019-12745 | 79 | XSS | 24/06/2019 | 3.5 | Remote | out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name field.
CVE-2019-4303 | 79 | XSS | 19/06/2019 | 3.5 | Remote | IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949.
Author: Waratek

Some of the world’s leading companies use Waratek to patch, secure and upgrade their mission critical web applications using our next generation technology. Waratek makes it easy for security teams to instantly patch known Java and .NET flaws with no downtime, protect their applications from known and Zero Day attacks, and virtually upgrade out-of-support Java applications – all without time consuming and expensive source code changes or unacceptable performance overhead.
