SAP NetWeaver Multiple Security Vulnerabilities (CVE-2020-6287, CVE-2020-6286)

SAP issued a new security advisory on July 13 as part of its SAP Security Patch Day – July 2020, addressing ten security vulnerabilities across multiple SAP products. Among them, CVE-2020-6287 is a critical vulnerability with a CVSSv3 base score of 10.0; the remaining vulnerabilities are of High and Medium severity. Description: SAP identified several vulnerabilities …

Citrix ADC And Citrix Gateway Multiple Security Vulnerabilities (CTX276688)

Citrix issued a new security advisory, CTX276688, on 7 July 2020 addressing multiple security vulnerabilities in Citrix networking products such as Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP. Description: Citrix identified several vulnerabilities in Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP. Eleven vulnerabilities, of types including Code Injection, Privilege Escalation, Authorization Bypass, …

Telnetd Unauthenticated Remote Code Execution Vulnerability (CVE-2020-10188)

Summary: An unauthenticated Remote Code Execution (RCE) vulnerability (CVE-2020-10188) was recently disclosed in the telnetd Telnet server. The vulnerability allows remote attackers, without any credentials, to execute arbitrary code on the target system. Description: Security researcher Ronald Huizer recently disclosed this unauthenticated RCE vulnerability. The vulnerability …

Zoho ManageEngine Desktop Central Unauthenticated Remote Code Execution Vulnerability (CVE-2020-10189)

Summary: Recently, information security specialist Steven Seeley of Source Incite disclosed an unauthenticated Remote Code Execution vulnerability affecting Desktop Central build 10.0.473 and below that allows remote attackers to execute arbitrary code on the target system. This issue was assigned CVE-2020-10189. Description: Zoho ManageEngine Desktop Central is prone to an untrusted deserialization vulnerability (CVE-2020-10189). …

Kubernetes Kube-Controller-Manager Server Side Request Forgery (SSRF) Vulnerability

Summary: Kubernetes is an open source container orchestration system for automating application deployment, management and scaling. A security flaw in Kubernetes was discovered and disclosed on June 1, 2020. A Server Side Request Forgery (SSRF) vulnerability (CVE-2020-8555) exists in kube-controller-manager. The vulnerability allows an attacker to leak up to 500 bytes of arbitrary …

Microsoft Windows SMBv3 SMBleed Vulnerability (CVE-2020-1206)

Summary: Recently, cyber-security researchers from ZecOps disclosed a new critical vulnerability in the SMBv3 (Server Message Block version 3) protocol that may allow an attacker to leak kernel memory remotely. When combined with the previously disclosed SMBGhost bug (CVE-2020-0796), the flaw can further be exploited to achieve remote code execution on the target system. This issue was assigned CVE-2020-1206. …

Apache Tomcat Remote Code Execution Vulnerability (CVE-2020-9484)

Summary: Recently, a new remote code execution vulnerability was disclosed in Apache Tomcat. Apache Tomcat is prone to a Java deserialization vulnerability. Successful exploitation, however, requires the attacker to be able to upload an arbitrary file onto the server. This issue was assigned CVE-2020-9484. Description: There are a number of prerequisites …
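The prerequisites the post refers to, per the Apache Tomcat advisory for CVE-2020-9484, are that sessions are persisted by a PersistentManager backed by a FileStore, that no (or a lax) sessionAttributeValueClassNameFilter is configured, and that the attacker can place a file with a known relative path on the server; the fix shipped in Tomcat 7.0.104, 8.5.55, 9.0.35 and 10.0.0-M5. The script below is an added example, not code from the original post or from the Tomcat project: it audits a context.xml for the configuration preconditions and compares a running version against the fixed releases. The sample context.xml documents and the function names (parse_version, is_patched, audit_context, assess) are constructed for illustration.

```python
"""Audit a Tomcat context.xml and server version for the CVE-2020-9484 preconditions.

Added example, not code from the page or from the Apache Tomcat project.
Preconditions and fixed versions are taken from the Tomcat advisory for
CVE-2020-9484; the sample context.xml documents below are constructed.
"""
import re
import xml.etree.ElementTree as ET

PERSISTENT_MANAGER = "org.apache.catalina.session.PersistentManager"
FILE_STORE = "org.apache.catalina.session.FileStore"

# First release on each branch that contains the fix (per the Tomcat advisory).
# A trailing milestone number makes 10.0.0-M4 sort below 10.0.0-M5 and below
# the GA 10.0.0 release, which gets the sentinel value GA.
GA = 10**6
FIXED_IN = {7: (7, 0, 104, GA), 8: (8, 5, 55, GA), 9: (9, 0, 35, GA), 10: (10, 0, 0, 5)}

# Constructed sample: the exposed configuration (PersistentManager + FileStore,
# no sessionAttributeValueClassNameFilter, so any class may be deserialized).
VULNERABLE_CONTEXT = """<Context>
  <Manager className="org.apache.catalina.session.PersistentManager">
    <Store className="org.apache.catalina.session.FileStore" directory="sessions"/>
  </Manager>
</Context>"""

# Constructed sample: default in-memory sessions, not affected.
SAFE_CONTEXT = """<Context>
  <Manager className="org.apache.catalina.session.StandardManager"/>
</Context>"""


def parse_version(version: str) -> tuple:
    """Turn '9.0.34', '9.0.0.M1' or '10.0.0-M4' into a comparable tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    return (int(major), int(minor), int(patch), int(milestone) if milestone else GA)


def is_patched(version: str) -> bool:
    """True when the running Tomcat already carries the CVE-2020-9484 fix."""
    v = parse_version(version)
    fixed = FIXED_IN.get(v[0])
    if fixed is None:
        # Branch not covered by the advisory: newer than 10.x post-dates the fix,
        # anything older (6.x and earlier) is end-of-life and never received it.
        return v[0] > 10
    return v >= fixed


def audit_context(xml_text: str) -> dict:
    """Report which of the configuration preconditions a context.xml satisfies."""
    root = ET.fromstring(xml_text)
    findings = {"persistent_manager": False, "file_store": False,
                "class_filter": None, "risk": "low"}
    for manager in root.iter("Manager"):
        if manager.get("className") != PERSISTENT_MANAGER:
            continue
        findings["persistent_manager"] = True
        # An absent filter means no restriction on the classes readObject() may create.
        findings["class_filter"] = manager.get("sessionAttributeValueClassNameFilter")
        if any(s.get("className") == FILE_STORE for s in manager.findall("Store")):
            findings["file_store"] = True
    if findings["persistent_manager"] and findings["file_store"]:
        findings["risk"] = "high" if findings["class_filter"] is None else "medium"
    return findings


def assess(version: str, xml_text: str) -> str:
    """Combine the version and configuration checks into one verdict."""
    if is_patched(version):
        return "patched"
    return f"unpatched, config risk {audit_context(xml_text)['risk']}"


if __name__ == "__main__":
    print(assess("9.0.34", VULNERABLE_CONTEXT))   # unpatched, config risk high
    print(assess("9.0.35", VULNERABLE_CONTEXT))   # patched
    print(assess("8.5.54", SAFE_CONTEXT))         # unpatched, config risk low
```

The version check is deliberately separate from the configuration check: a host on 9.0.34 with the default StandardManager is still unpatched and should be upgraded, even though the deserialization path is not reachable in that configuration.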

Oracle Coherence Remote Code Execution Vulnerability

Summary: Oracle Coherence is a product in Oracle Fusion Middleware that enables organizations to scale mission-critical applications by providing fast access to frequently used data. Oracle Coherence is prone to a Remote Code Execution vulnerability. This issue was assigned CVE-2020-2555. Description: Oracle, in its January 2020 Critical Patch Update advisory, released a patch for …

Sonatype Nexus Repository Manager 3 Multiple Vulnerabilities

Summary: Sonatype Nexus Repository Manager 3 suffers from multiple vulnerabilities, assigned the following CVEs:
CVE-2020-10199: Remote Code Execution (any authenticated account)
CVE-2020-10204: Remote Code Execution (requires admin privileges)
CVE-2020-10203: Cross-Site Scripting (XSS)
Description: Recently, Sonatype officially released vulnerability announcements for CVE-2020-10199, CVE-2020-10204 and CVE-2020-10203 in a Sonatype Nexus security advisory. CVE-2020-10199 …

Grandstream UCM62xx Remote Code Execution Vulnerability

Summary: The Grandstream UCM62xx IP PBX series allows businesses to unify multiple communication technologies, such as voice, video calling, video conferencing, video surveillance, data tools, mobility options and facility access management, onto one common network. The UCM62xx series is prone to unauthenticated Remote Code Execution and HTML Injection. This issue was assigned CVE-2020-5722. Description: The web interface of the UCM62xx …