Detectify security updates for January 25


Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently and at record speed: within 25 minutes from hacker submission to scanner. Due to confidentiality agreements, we cannot publicize all security update releases here, but they are immediately added to our scanner and available to all users.

The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers. We added these tests to the Detectify scanner from January 11 – January 22.

CVE-2020-13957: Apache Solr RCE

Apache Solr is prone to a remote code execution vulnerability when new config sets are uploaded through its ConfigSet API.
Remote Code Execution (RCE) vulnerabilities arise when user input reaches a server-side function that evaluates it as code in the server's programming language, letting an attacker execute code on the server.

CVE-2020-10148: SolarWinds Orion Local File Inclusion

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. In this case the attacker can use it to download arbitrary files from the server.

CVE-2020-29015: Fortinet FortiWeb Blind SQL Injection

Fortinet FortiWeb versions <=6.3.7 and <=6.2.3 are vulnerable to a blind SQL injection in the FortiWeb user interface. An attacker can use this flaw to execute SQL commands and read files stored on the server.

CVE-2020-17519: Apache Flink Path Traversal

Apache Flink has a path traversal vulnerability in the REST interface of the JobManager. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

CVE-2018-10141: Palo Alto GlobalProtect XSS

GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML. An attacker can use this flaw to steal credentials and otherwise execute JavaScript in the origin of the affected domain.

ColdFusion Lucee Authentication Bypass

Lucee versions 5.3.8.88 and below are prone to an authentication bypass vulnerability where an attacker can reach the administrator pages web.cfm and server.cfm without logging in. From there an attacker can create files on the server and make Lucee execute code.

CVE-2020-26297: mdBook DOM XSS

The search feature of mdBook (introduced in version 0.1.4) was affected by a cross-site scripting vulnerability. An attacker can use this to steal cookies and execute JavaScript, which can lead to stolen information and hijacked user accounts.
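Both XSS entries above (the GlobalProtect login page and the mdBook search feature) follow the same pattern: a value taken from the URL is written into the page as markup instead of as text. The snippet below is an added example, not code from the Detectify post, Palo Alto Networks or mdBook. It is a constructed search-result highlighter that reads a term from the query string and shows the unsafe rendering next to an escaped version; the parameter name `highlight` and the sample page text are assumptions.

```javascript
// Added illustration, not mdBook's or PAN-OS code. The query-string name
// "highlight" and the page text are constructed for the example.

// Read the search term the way a static site does: straight from the URL.
function termFromUrl(href) {
  return new URL(href).searchParams.get("highlight") || "";
}

// Escape the five characters that matter in HTML text and attribute context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Escape regex metacharacters so a user term like "a.b(" is matched literally.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Vulnerable: the term is concatenated into markup and the page text is not
// escaped either. A URL carrying ?highlight=<img src=x onerror=...> executes
// script as soon as this string is assigned to innerHTML.
function renderHighlightUnsafe(text, term) {
  const header = `<p>Results for <b>${term}</b></p>`;
  if (term === "") return header + text;
  const re = new RegExp(escapeRegExp(term), "gi");
  return header + text.replace(re, (m) => `<mark>${m}</mark>`);
}

// Hardened: every piece of untrusted data is escaped before it becomes markup;
// only the <mark> tags generated here are emitted raw.
function renderHighlightSafe(text, term) {
  const header = `<p>Results for <b>${escapeHtml(term)}</b></p>`;
  if (term === "") return header + escapeHtml(text);
  const re = new RegExp(escapeRegExp(term), "gi");
  let out = "";
  let last = 0;
  let m;
  while ((m = re.exec(text)) !== null) {
    out += escapeHtml(text.slice(last, m.index)) + "<mark>" + escapeHtml(m[0]) + "</mark>";
    last = m.index + m[0].length;
  }
  return header + out + escapeHtml(text.slice(last));
}
```

In a browser the safe string can be assigned to `innerHTML` because nothing attacker-controlled survives unescaped; the alternative that avoids HTML strings entirely is to build the result with `document.createElement` and `textContent`. Note that the unsafe version is exploitable even when the term never matches anything, because the "Results for" header echoes it raw.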

CVE-2020-14864: Oracle Business Intelligence Local File Inclusion

A local file inclusion vulnerability is present in Oracle Business Intelligence Enterprise Edition versions 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Successful exploitation can result in unauthorized access to critical data or complete access to all data reachable by Oracle Business Intelligence Enterprise Edition.
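The three file-read entries above (Apache Flink path traversal, SolarWinds Orion file download and Oracle Business Intelligence local file inclusion) share one failure mode: a client-supplied path reaches the filesystem without being confined to the directory the server meant to expose. The function below is an added example, not code from any of those products or from Detectify, showing a containment check of the kind that stops such requests. The base directory, the request paths and the handler shape are constructed.

```javascript
// Added illustration, not code from Flink, SolarWinds or Oracle. BASE_DIR and
// the request paths are constructed for the example.

const BASE_DIR = "/var/app/static";

// Percent-decode repeatedly so that double-encoded sequences (%252e%252e ->
// %2e%2e -> ..) cannot slip past a single decode. Returns null on malformed
// input; decodeURIComponent throws on invalid UTF-8 such as the overlong %c0%ae.
function fullyDecode(s) {
  let decoded = s;
  for (let i = 0; i < 3; i++) {
    let next;
    try {
      next = decodeURIComponent(decoded);
    } catch (e) {
      return null;
    }
    if (next === decoded) return decoded;
    decoded = next;
  }
  return decoded;
}

// Resolve a client-supplied path under baseDir. Returns the absolute path when
// it stays inside baseDir, otherwise null. Each ".." is applied to an explicit
// segment stack, so climbing above the base is detected directly instead of
// by a string-prefix comparison after the fact.
function resolveUnderBase(baseDir, requestedPath) {
  const decoded = fullyDecode(requestedPath);
  if (decoded === null) return null;
  if (decoded.includes("\0")) return null; // NUL truncates paths in C-level file APIs
  const unified = decoded.replace(/\\/g, "/"); // some stacks accept backslashes too
  const stack = [];
  for (const seg of unified.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") {
      if (stack.length === 0) return null; // would leave baseDir
      stack.pop();
    } else {
      stack.push(seg);
    }
  }
  return baseDir + "/" + stack.join("/");
}

// A request handler built on the check; the caller reads `file` from disk.
function handleFileRequest(requestedPath) {
  const resolved = resolveUnderBase(BASE_DIR, requestedPath);
  if (resolved === null) return { status: 400, body: "invalid path" };
  return { status: 200, file: resolved };
}
```

Two caveats a practitioner would add in production: resolve symlinks (`fs.realpath`) after this check and confirm the real path is still under the base, since a link inside the directory can point outside it, and apply the check to the decoded path the file API will actually see, not to the raw request line.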

CVE-2020-28208: Rocket.Chat Email Address Enumeration

Rocket.Chat versions up to and including 3.9.1 contain an email address enumeration vulnerability in the password reset function. It lets an unauthenticated user determine which email addresses are registered on the Rocket.Chat instance.

CVE-2020-6207: SAP EEM Missing Authentication

SAP Solution Manager's End-User Experience Monitoring (EEM) is missing an authentication check on one of its services. An unauthenticated attacker can compromise all SMDAgents connected to the Solution Manager server.

Questions or comments on the latest Detectify security updates? Let us know in the comments below.

Begin a scan for the latest vulnerabilities today. Start a free trial with Detectify here!

Already have an account? Login to check your assets.

Detectify is a continuous web vulnerability scanner service and we release Detectify security updates at least bi-weekly. Detectify offers a crowdsource-powered testbed of 2000+ known vulnerabilities including the OWASP Top 10. Check for the latest vulnerabilities!