The ARMR Report – Week of July 8th, 2019

By Waratek | July 15th, 2019 | ARMR Reports

AppSec News from the Web

  • New report shows government agencies getting hit hard by SQL injection, path traversal and cross-site scripting
  • Magento issue could redirect payment traffic
  • WAF rule misconfiguration gets Cloudflare trending on Twitter
  • BA hit with a proposed £183M GDPR fine (and Brexit makes us wonder who gets the check)
  • Zoom's local web server install puts Mac users at risk of webcam hijack

Waratek Alerts and Blog

In this week's blog, our Founder and CTO discusses the impact of deserialization vulnerabilities on enterprise applications over at Security Boulevard.

From Our Partners

People still dislike the traditional WAF, and IBM has a good article on why.

Customer CVE Alert for Week of July 8th, 2019

Below is a list of CVEs announced last week that are protected by the Waratek ARMR Platform.

This list is not a comprehensive list of all CVEs issued; it only covers application-level vulnerabilities. Customers with questions should contact their account manager or support@waratek.com. For more information on any of the CVEs below, visit the MITRE CVE site.

Notes:
Dates are m/d/yy (e.g. 6/26/19 is 26 June 2019).
A CVSS score of 0 together with "???" in the Remotely Exploitable column means the entry had not been scored by NVD when this list was compiled; read those rows as "not yet assessed", not as low severity.
NVD Disclaimer: The date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

CVE | CWE | Vuln Type | Update Date | CVSS Score | Remotely Exploitable | Detail
CVE-2019-13413 | 89 | Sql | 7/8/19 | 7.5 | Remote | The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection via inc/rencontre_widget.php.
CVE-2019-13292 | 89 | Sql | 7/10/19 | 7.5 | Remote | A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded
CVE-2019-13275 | 89 | Sql | 7/10/19 | 7.5 | Remote | An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. The v1/hit endpoint of the API
CVE-2019-11821 | 89 | Exec Code Sql | 7/2/19 | 7.5 | Remote | SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter.
CVE-2017-18346 | 89 | Exec Code Sql | 7/5/19 | 7.5 | Remote | SQL injection vulnerability in /wbg/core/_includes/authorization.inc.php in CMS Web-Gooroo through 2013-01-19 allows remote attackers to execute arbitrary SQL commands via the wbg_login parameter.
CVE-2019-12826 | 352 | Exec Code CSRF | 7/3/19 | 6.8 | Remote | A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are attached to widgets and then eval'd to dynamically determine their visibility) by crafting a malicious POST request that tricks administrators into adding the code.
CVE-2019-4292 | 434 | Exec Code | 7/3/19 | 6.5 | Remote | IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files
CVE-2019-4224 | 89 | Sql | 6/26/19 | 6.5 | Remote | IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements
CVE-2019-11826 | 22 | Dir. Trav. | 7/2/19 | 6.5 | Remote | Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments before 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter.
CVE-2018-12250 | 89 | Sql | 7/5/19 | 6.5 | Remote | An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sidebar.php
CVE-2019-10721 | 601 |  | 7/10/19 | 5.8 | Remote | BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter
CVE-2019-10717 | 22 | Dir. Trav. | 7/10/19 | 5.5 | Remote | BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter.
CVE-2019-4269 | 200 |  | 7/3/19 | 5 | Remote | IBM WebSphere Application Server 7.0
CVE-2019-4252 | 22 | Dir. Trav. | 6/27/19 | 5 | Remote | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883.
CVE-2019-5967 | 79 | XSS | 7/10/19 | 4.3 | Remote | Cross-site scripting vulnerability in Joruri CMS 2017 Release2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-5962 | 79 | XSS | 7/8/19 | 4.3 | Remote | Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-4134 | 79 | XSS | 7/3/19 | 4.3 | Remote | IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158281.
CVE-2019-13414 | 79 | XSS | 7/8/19 | 4.3 | Remote | The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/rencontre_widget.php.
CVE-2019-13186 | 79 | XSS | 7/10/19 | 4.3 | Remote | In MiniCMS V1.10
CVE-2019-13072 | 79 | Exec Code XSS | 7/9/19 | 4.3 | Remote | Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page.
CVE-2019-12932 | 79 | XSS | 7/3/19 | 4.3 | Remote | A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php.
CVE-2019-12930 | 79 | XSS | 7/9/19 | 4.3 | Remote | A cross-site scripting (XSS) vulnerability in noMenu() and noSubMenu() in core/navigation/MENU.php in WIKINDX prior to version 5.8.1 allows remote attackers to inject arbitrary web script or HTML via the method parameter.
CVE-2018-20849 | 79 | XSS | 7/1/19 | 4.3 | Remote | Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATH_INFO to the login/ URI.
CVE-2018-11317 | 79 | XSS | 7/5/19 | 4.3 | Remote | Subrion CMS before 4.1.4 has XSS.
CVE-2018-11227 | 79 | XSS | 7/8/19 | 4.3 | Remote | Monstra CMS 3.0.4 and earlier has XSS via index.php.
CVE-2019-11822 | 22 | Dir. Trav. | 7/2/19 | 4 | Remote | Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter.
CVE-2018-1734 | 200 |  | 6/27/19 | 4 | Remote | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 discloses sensitive information in error messages that may be used by a malicious user to orchestrate further attacks. IBM X-Force ID: 147838.
CVE-2019-4410 | 79 | XSS | 7/3/19 | 3.5 | Remote | IBM Business Automation Workflow 18.0.0.0
CVE-2019-4250 | 79 | XSS | 6/27/19 | 3.5 | Remote | IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159648.
CVE-2019-4249 | 79 | XSS | 6/27/19 | 3.5 | Remote | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159647.
CVE-2019-4237 | 79 | XSS | 7/8/19 | 3.5 | Remote | A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3
CVE-2019-4083 | 79 | XSS | 6/27/19 | 3.5 | Remote | IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157383.
CVE-2019-13341 | 79 | XSS | 7/7/19 | 3.5 | Remote | In MiniCMS V1.10
CVE-2019-13340 | 79 | XSS | 7/7/19 | 3.5 | Remote | In MiniCMS V1.10
CVE-2019-13339 | 79 | XSS | 7/7/19 | 3.5 | Remote | In MiniCMS V1.10
CVE-2019-11828 | 79 | XSS | 7/1/19 | 3.5 | Remote | Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-11827 | 79 | XSS | 7/1/19 | 3.5 | Remote | Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the object_id parameter.
CVE-2019-11825 | 79 | XSS | 7/1/19 | 3.5 | Remote | Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
CVE-2018-1893 | 79 | XSS | 6/27/19 | 3.5 | Remote | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152157.
CVE-2018-1892 | 79 | XSS | 6/27/19 | 3.5 | Remote | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152156.
CVE-2018-1828 | 79 | XSS | 6/27/19 | 3.5 | Remote | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150431.
CVE-2018-1827 | 79 | XSS | 6/27/19 | 3.5 | Remote | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150430.
CVE-2018-1826 | 79 | XSS | 6/27/19 | 3.5 | Remote | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150429.
CVE-2018-1760 | 79 | XSS | 6/27/19 | 3.5 | Remote | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148614.
CVE-2018-1758 | 79 | XSS | 6/27/19 | 3.5 | Remote | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148605.
CVE-2019-9630 |  |  | 7/8/19 | 0 | ??? | Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images.
CVE-2019-9629 |  |  | 7/8/19 | 0 | ??? | Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).
CVE-2019-12927 |  | XSS | 7/9/19 | 0 | ??? | MailEnable Enterprise Premium 10.23 was vulnerable to stored and reflected cross-site scripting (XSS) attacks. Because the session cookie did not use the HttpOnly flag
CVE-2019-12925 |  | Dir. Trav. | 7/9/19 | 0 | ??? | MailEnable Enterprise Premium 10.23 was vulnerable to multiple directory traversal issues
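A small triage helper, added here as an example and not part of the ARMR Report or the Waratek platform: it reads rows written as pipe-separated fields in the column order of the table above (that pipe layout is this example's own assumption, not a format the report exports), flags the entries that are both remotely exploitable and at or above a CVSS threshold, and keeps the unscored rows (score 0 with "???") in their own bucket so they do not silently sort to the bottom as if they were low risk. The sample rows are copied from the table; the 7.0 threshold and the "0 plus ??? means unscored" rule are assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample rows copied from the digest table above, written as pipe-separated
# fields in that table's column order. The pipe layout is this example's
# assumption, not an export format the report provides.
SAMPLE_ROWS = """\
CVE | CWE | Vuln Type | Update Date | CVSS Score | Remotely Exploitable | Detail
CVE-2019-13413 | 89 | Sql | 7/8/19 | 7.5 | Remote | The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection via inc/rencontre_widget.php.
CVE-2019-4292 | 434 | Exec Code | 7/3/19 | 6.5 | Remote | IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files
CVE-2019-10717 | 22 | Dir. Trav. | 7/10/19 | 5.5 | Remote | BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter.
CVE-2019-9629 |  |  | 7/8/19 | 0 | ??? | Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).
CVE-2019-11821 | 89 | Exec Code Sql | 7/2/19 | 7.5 | Remote | SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter.
"""


@dataclass
class CveRow:
    cve: str
    cwe: Optional[int]        # None when the digest gives no CWE
    vuln_type: str
    updated: str              # m/d/yy as printed in the digest
    cvss: Optional[float]     # None when the entry is unscored
    remote: Optional[bool]    # None when exploitability is unknown ("???")
    detail: str

    @property
    def unscored(self) -> bool:
        return self.cvss is None


def parse_row(line: str) -> CveRow:
    """Split one pipe-separated digest row into a CveRow."""
    parts = [p.strip() for p in line.split("|", 6)]
    if len(parts) != 7 or not re.fullmatch(r"CVE-\d{4}-\d{4,}", parts[0]):
        raise ValueError(f"not a CVE row: {line!r}")
    cve, cwe, vtype, updated, score, remote, detail = parts
    cvss = float(score) if score else None
    remote_flag = None if remote == "???" else remote.lower() == "remote"
    # Assumption: a 0 score paired with "???" means NVD had not analysed the
    # entry yet, so treat it as unscored rather than as a real CVSS 0.0.
    if cvss == 0.0 and remote_flag is None:
        cvss = None
    return CveRow(cve, int(cwe) if cwe else None, vtype, updated, cvss, remote_flag, detail)


def parse_table(text: str) -> List[CveRow]:
    """Parse every data row; the header and blank lines are skipped."""
    return [parse_row(l) for l in text.splitlines() if l.strip().startswith("CVE-")]


def triage(rows: List[CveRow], threshold: float = 7.0) -> Dict[str, List[CveRow]]:
    """Bucket rows into urgent / unscored / other, highest score first."""
    buckets: Dict[str, List[CveRow]] = {"urgent": [], "unscored": [], "other": []}
    for r in rows:
        if r.unscored:
            buckets["unscored"].append(r)      # needs a human look, not a low score
        elif r.remote and r.cvss >= threshold:
            buckets["urgent"].append(r)
        else:
            buckets["other"].append(r)
    for key in ("urgent", "other"):
        # sort is stable, so rows with equal scores keep their digest order
        buckets[key].sort(key=lambda r: r.cvss, reverse=True)
    return buckets


def cwe_counts(rows: List[CveRow]) -> Counter:
    """How many entries fall under each CWE (missing CWE counted as 'none')."""
    return Counter(r.cwe if r.cwe is not None else "none" for r in rows)


if __name__ == "__main__":
    rows = parse_table(SAMPLE_ROWS)
    for name, items in triage(rows).items():
        print(f"{name:9s}", [r.cve for r in items])
    print("by CWE:", dict(cwe_counts(rows)))
```

Run against the full table, the script gives a quick "patch these first" list (remote, CVSS 7.5 SQL injection entries) and a separate list of the Nexus and MailEnable entries that still need a severity judgement because NVD had not scored them when the digest went out.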
Author: Waratek

Some of the world’s leading companies use Waratek to patch, secure and upgrade their mission critical web applications using our next generation technology. Waratek makes it easy for security teams to instantly patch known Java and .NET flaws with no downtime, protect their applications from known and Zero Day attacks, and virtually upgrade out-of-support Java applications – all without time consuming and expensive source code changes or unacceptable performance overhead.
