SAP Solution Manager Missing Authentication Vulnerability (CVE-2020-6207)

Tracked as CVE-2020-6207, a long-standing critical vulnerability with a CVSS score of 10 came into the limelight at the start of 2021. The vulnerability affects SAP Solution Manager version 7.2 (March 2020), for which SAP released a patch in March 2020. SolMan is a centralized application used to manage on-premises, hybrid, and cloud …

Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2020-14882)

Overview: Recently, Oracle released a Critical Patch Update (CPU) for the critical RCE vulnerability CVE-2020-14882. The vulnerability was discovered in the console component of WebLogic Server, a product of Oracle Fusion Middleware. Successful exploitation of this flaw could give an attacker with network access complete control over vulnerable systems. In this patch, two …

vBulletin pre-auth Remote Code Execution Vulnerability

vBulletin is well-known forum software used worldwide. Recently, a pre-auth RCE was observed that bypasses the September 2019 vBulletin patch for CVE-2019-16759. Security researcher Amir Etemadieh (Zenofex) discovered this zero-day and published a PoC in various formats on his blog on 9 Aug 2020. Description: The vulnerability exists in the dynamic creation of widgets at ajax/render/widget_tabbedcontainer_tab_panel. …

Apache Guacamole Remote Code Execution Vulnerability (CVE-2020-9497, CVE-2020-9498)

Summary: In the first week of July 2020, Apache released patches to address two critical vulnerabilities, CVE-2020-9497 and CVE-2020-9498. Researchers from Check Point found these vulnerabilities in FreeRDP and in Apache Guacamole's reverse RDP connection handling. Description: According to Apache's documentation, "guacd is the heart of Guacamole." Upon startup, guacd listens on TCP port 4822 and waits for incoming instructions from the …

ManageEngine Desktop Central unauthenticated remote code execution vulnerability (CVE-2020-10189)

Summary: A zero-day vulnerability has been disclosed in the ManageEngine IT help desk software made by Zoho Corp. The serious vulnerability enables an unauthenticated, remote attacker to launch attacks on affected systems. Description: Zoho ManageEngine Desktop Central is affected by an untrusted deserialization vulnerability. The vulnerability stems from improper input validation in the FileStorage class. This …