The ARMR Report – Week of July 8th, 2019

By July 8, 2019 July 15th, 2019 ARMR Reports

AppSec News from the Web

  • New report shows Government getting hit hard by SQL injection, path traversal and cross-site scripting
  • Magento issue could redirect payment traffic
  • WAF rule misconfig gets Cloudflare trending on Twitter
  • BA hit with nearly 2M in GDPR fines (and Brexit makes us wonder who gets the check)
  • Zoom web server install puts Mac users at risk to webcam hijack

Waratek Alerts and Blog

In this week’s blog, our Founder and CTO talks about deserialization’s impact on Enterprise applications over at Security Boulevard.

From Our Partners

People still hate the traditional WAF, and IBM has a great article as to why.

Customer CVE Alert for Week of July 8th, 2019

Below is a list of CVEs that were announced last week and are protected by the Waratek ARMR Platform.

This list does not cover every CVE issued; it includes application vulnerabilities only. Customers with questions should contact their account manager or support@waratek.com. For more information on any of the CVEs below, please visit the Mitre site here.

Notes:
Dates are dd/mm.
NVD Disclaimer: The date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

| CVE | CWE | Vuln Type | Update Date | CVSS Score | Remotely Exploitable | Detail |
|---|---|---|---|---|---|---|
| CVE-2019-13413 | 89 | Sql | 7/8/19 | 7.5 | Remote | The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection via inc/rencontre_widget.php. |
| CVE-2019-13292 | 89 | Sql | 7/10/19 | 7.5 | Remote | A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded |
| CVE-2019-13275 | 89 | Sql | 7/10/19 | 7.5 | Remote | An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. The v1/hit endpoint of the API |
| CVE-2019-11821 | 89 | Exec Code Sql | 7/2/19 | 7.5 | Remote | SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter. |
| CVE-2017-18346 | 89 | Exec Code Sql | 7/5/19 | 7.5 | Remote | SQL injection vulnerability in /wbg/core/_includes/authorization.inc.php in CMS Web-Gooroo through 2013-01-19 allows remote attackers to execute arbitrary SQL commands via the wbg_login parameter. |
| CVE-2019-12826 | 352 | Exec Code CSRF | 7/3/19 | 6.8 | Remote | A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are attached to widgets and then eval'd to dynamically determine their visibility) by crafting a malicious POST request that tricks administrators into adding the code. |
| CVE-2019-4292 | 434 | Exec Code | 7/3/19 | 6.5 | Remote | IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files |
| CVE-2019-4224 | 89 | Sql | 6/26/19 | 6.5 | Remote | IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements |
| CVE-2019-11826 | 22 | Dir. Trav. | 7/2/19 | 6.5 | Remote | Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments before 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter. |
| CVE-2018-12250 | 89 | Sql | 7/5/19 | 6.5 | Remote | An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sidebar.php |
| CVE-2019-10721 | 601 | | 7/10/19 | 5.8 | Remote | BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter |
| CVE-2019-10717 | 22 | Dir. Trav. | 7/10/19 | 5.5 | Remote | BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter. |
| CVE-2019-4269 | 200 | | 7/3/19 | 5 | Remote | IBM WebSphere Application Server 7.0 |
| CVE-2019-4252 | 22 | Dir. Trav. | 6/27/19 | 5 | Remote | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883. |
| CVE-2019-5967 | 79 | XSS | 7/10/19 | 4.3 | Remote | Cross-site scripting vulnerability in Joruri CMS 2017 Release2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2019-5962 | 79 | XSS | 7/8/19 | 4.3 | Remote | Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2019-4134 | 79 | XSS | 7/3/19 | 4.3 | Remote | IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158281. |
| CVE-2019-13414 | 79 | XSS | 7/8/19 | 4.3 | Remote | The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/rencontre_widget.php. |
| CVE-2019-13186 | 79 | XSS | 7/10/19 | 4.3 | Remote | In MiniCMS V1.10 |
| CVE-2019-13072 | 79 | Exec Code XSS | 7/9/19 | 4.3 | Remote | Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page. |
| CVE-2019-12932 | 79 | XSS | 7/3/19 | 4.3 | Remote | A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php. |
| CVE-2019-12930 | 79 | XSS | 7/9/19 | 4.3 | Remote | A cross-site scripting (XSS) vulnerability in noMenu() and noSubMenu() in core/navigation/MENU.php in WIKINDX prior to version 5.8.1 allows remote attackers to inject arbitrary web script or HTML via the method parameter. |
| CVE-2018-20849 | 79 | XSS | 7/1/19 | 4.3 | Remote | Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATH_INFO to the login/ URI. |
| CVE-2018-11317 | 79 | XSS | 7/5/19 | 4.3 | Remote | Subrion CMS before 4.1.4 has XSS. |
| CVE-2018-11227 | 79 | XSS | 7/8/19 | 4.3 | Remote | Monstra CMS 3.0.4 and earlier has XSS via index.php. |
| CVE-2019-11822 | 22 | Dir. Trav. | 7/2/19 | 4 | Remote | Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter. |
| CVE-2018-1734 | 200 | | 6/27/19 | 4 | Remote | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 discloses sensitive information in error messages that may be used by a malicious user to orchestrate further attacks. IBM X-Force ID: 147838. |
| CVE-2019-4410 | 79 | XSS | 7/3/19 | 3.5 | Remote | IBM Business Automation Workflow 18.0.0.0 |
| CVE-2019-4250 | 79 | XSS | 6/27/19 | 3.5 | Remote | IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159648. |
| CVE-2019-4249 | 79 | XSS | 6/27/19 | 3.5 | Remote | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159647. |
| CVE-2019-4237 | 79 | XSS | 7/8/19 | 3.5 | Remote | A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3 |
| CVE-2019-4083 | 79 | XSS | 6/27/19 | 3.5 | Remote | IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157383. |
| CVE-2019-13341 | 79 | XSS | 7/7/19 | 3.5 | Remote | In MiniCMS V1.10 |
| CVE-2019-13340 | 79 | XSS | 7/7/19 | 3.5 | Remote | In MiniCMS V1.10 |
| CVE-2019-13339 | 79 | XSS | 7/7/19 | 3.5 | Remote | In MiniCMS V1.10 |
| CVE-2019-11828 | 79 | XSS | 7/1/19 | 3.5 | Remote | Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2019-11827 | 79 | XSS | 7/1/19 | 3.5 | Remote | Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the object_id parameter. |
| CVE-2019-11825 | 79 | XSS | 7/1/19 | 3.5 | Remote | Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter. |
| CVE-2018-1893 | 79 | XSS | 6/27/19 | 3.5 | Remote | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152157. |
| CVE-2018-1892 | 79 | XSS | 6/27/19 | 3.5 | Remote | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152156. |
| CVE-2018-1828 | 79 | XSS | 6/27/19 | 3.5 | Remote | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150431. |
| CVE-2018-1827 | 79 | XSS | 6/27/19 | 3.5 | Remote | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150430. |
| CVE-2018-1826 | 79 | XSS | 6/27/19 | 3.5 | Remote | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150429. |
| CVE-2018-1760 | 79 | XSS | 6/27/19 | 3.5 | Remote | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148614. |
| CVE-2018-1758 | 79 | XSS | 6/27/19 | 3.5 | Remote | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148605. |
| CVE-2019-9630 | | | 7/8/19 | 0 | ??? | Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images. |
| CVE-2019-9629 | | | 7/8/19 | 0 | ??? | Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials). |
| CVE-2019-12927 | | XSS | 7/9/19 | 0 | ??? | MailEnable Enterprise Premium 10.23 was vulnerable to stored and reflected cross-site scripting (XSS) attacks. Because the session cookie did not use the HttpOnly flag |
| CVE-2019-12925 | | Dir. Trav. | 7/9/19 | 0 | ??? | MailEnable Enterprise Premium 10.23 was vulnerable to multiple directory traversal issues |
Author Waratek

Some of the world’s leading companies use Waratek to patch, secure and upgrade their mission critical web applications using our next generation technology. Waratek makes it easy for security teams to instantly patch known Java and .NET flaws with no downtime, protect their applications from known and Zero Day attacks, and virtually upgrade out-of-support Java applications – all without time consuming and expensive source code changes or unacceptable performance overhead.
