Security Vulnerabilities Notification
30 September 2021 8:26
Dear CREODIAS Users,
In the Security section customers will find information about the latest and most critical security vulnerabilities published in the last month by the SANS Institute (www.sans.org). Security vulnerabilities in software and hardware are very often used by cyber criminals to attack IT infrastructure and steal or destroy company data, which is why companies are advised to fix those vulnerabilities as soon as possible.

ID: CVE-2021-35042
Title: SQL Injection Vulnerability in Django 3.1.0
Vendor: Django Project
Description: Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
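The defensive counterpart to this entry is to never hand a client-supplied sort string straight to `QuerySet.order_by()`. The helper below is an added example, not Django project code: it validates each requested field against a constructed allowlist (the model fields `title`, `published` and `author__name` are assumptions) and rejects anything else, so only known column names ever reach the ORM.

```python
import re

# Constructed allowlist of sortable fields for a hypothetical Article model
# (assumption: these are the only columns clients may sort on).
ALLOWED_SORT_FIELDS = {"title", "published", "author__name"}

# A well-formed order_by token: optional leading "-" for descending order,
# then identifiers joined by "__" (Django's relation/lookup separator).
_TOKEN_RE = re.compile(r"^-?[A-Za-z_][A-Za-z0-9_]*(__[A-Za-z_][A-Za-z0-9_]*)*$")


class UnsafeSortField(ValueError):
    """Raised when a client-supplied sort field is not on the allowlist."""


def safe_order_by(requested, allowed=ALLOWED_SORT_FIELDS, max_fields=3):
    """Validate a raw query value such as "-published,title" before it is
    passed to QuerySet.order_by(*fields).

    Each comma-separated token must match the identifier grammar AND, with
    its "-" prefix removed, be present in `allowed`. Unknown input is refused
    rather than "cleaned": the safe set is small and known, the unsafe set is
    unbounded. Returns the validated list of fields.
    """
    if not requested:
        return []
    fields = []
    for raw in requested.split(","):
        token = raw.strip()
        if not _TOKEN_RE.match(token):
            raise UnsafeSortField(f"malformed sort field: {token!r}")
        if token.lstrip("-") not in allowed:
            raise UnsafeSortField(f"sort field not permitted: {token!r}")
        fields.append(token)
        if len(fields) > max_fields:
            raise UnsafeSortField("too many sort fields")
    return fields
```

In a view this is used as `Article.objects.order_by(*safe_order_by(request.GET.get("sort", "")))`, with `UnsafeSortField` mapped to an HTTP 400.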

ID: CVE-2021-20032
Title: Remote Code Execution Vulnerability in SonicWall Analytics
Vendor: Sonicwall
Description: SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability which potentially leads to Remote Code Execution. This vulnerability impacts Analytics On-Prem 2.5.2518 and earlier.

ID: CVE-2021-38553
Title: Weak Permissions Vulnerability in HashiCorp Vault
Vendor: HashiCorp
Description: HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.

ID: CVE-2021-37608
Title: Malicious File Upload Vulnerability in Apache OFBiz
Vendor: Apache
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands. This issue affects Apache OFBiz version 17.12.07 and prior versions. Upgrade to at least 17.12.08 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12297.
 
ID: CVE-2021-39199
Title: XSS Vulnerability in Remark HTML
Description: remark-html is an open source nodejs library which compiles Markdown to HTML. In affected versions the documentation of remark-html has mentioned that it was safe by default. In practice the default was never safe and had to be opted into. That is, user input was not sanitized. This means arbitrary HTML can be passed through leading to potential XSS attacks. The problem has been patched in 13.0.2 and 14.0.1: `remark-html` is now safe by default, and the implementation matches the documentation. On older affected versions, pass `sanitize: true` if you cannot update.
 
ID: CVE-2021-39509
Title: Command Injection Vulnerability in D-Link Devices
Vendor: Dlink
Description: An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210. The HTTP request parameter is used in the handler function of the /goform/form2userconfig.cgi route, which constructs the user name string for the delete-user function. This can lead to command injection through shell metacharacters.
 
ID: CVE-2021-27850
Title: Remote Code Execution Vulnerability in Apache Tapestry
Vendor: Apache
Description: A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195.

Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file `AppModule.class` by requesting the URL `http://localhost:8080/assets/something/services/AppModule.class`, which contains a HMAC secret key. The fix for that bug was a blacklist filter that checks if the URL ends with `.class`, `.properties` or `.xml`.

Bypass: Unfortunately, the blacklist solution can simply be bypassed by appending a `/` at the end of the URL: `http://localhost:8080/assets/something/services/AppModule.class/`. The slash is stripped after the blacklist check and the file `AppModule.class` is loaded into the response. This class usually contains the HMAC secret key which is used to sign serialized Java objects. With the knowledge of that key an attacker can sign a Java gadget chain that leads to RCE (e.g. CommonsBeanUtils1 from ysoserial).

Solution for this vulnerability:
* For Apache Tapestry 5.4.0 to 5.6.1, upgrade to 5.6.2 or later.
* For Apache Tapestry 5.7.0, upgrade to 5.7.1 or later.
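The root cause described above is an ordering defect: the deny check runs on the raw URL, and the trailing slash is stripped only afterwards, so the check and the resource loader see different strings. The Python below is an added illustration of that pattern and its fix, not Tapestry's code: the flawed version decides before normalizing, the fixed version canonicalizes first and checks the exact path the loader will use, and a third variant replaces the deny-list with an allowlist of servable asset types (the allowed suffixes are assumptions).

```python
import posixpath

# Suffixes the CVE-2019-0195 fix refused to serve from the classpath.
BLOCKED_SUFFIXES = (".class", ".properties", ".xml")
# Assumed allowlist of static asset types a web application actually needs.
ALLOWED_SUFFIXES = (".css", ".js", ".png", ".jpg", ".gif", ".svg", ".woff2")


def serve_decision_vulnerable(path):
    """Flawed ordering: the suffix check sees the raw path, then the trailing
    slash is stripped to locate the resource. Returns ("refused", None) or
    ("served", resolved_path)."""
    if path.endswith(BLOCKED_SUFFIXES):
        return ("refused", None)
    resolved = path.rstrip("/")          # normalization happens too late
    return ("served", resolved)


def canonicalize(path):
    """Reduce the request path to the single form the loader will resolve:
    collapse '.', '..' and repeated slashes and drop any trailing slash."""
    return posixpath.normpath(path)


def serve_decision_fixed(path):
    """Correct ordering: canonicalize first, then apply the deny check to the
    very string that will be used to load the resource."""
    canonical = canonicalize(path)
    if canonical.lower().endswith(BLOCKED_SUFFIXES):
        return ("refused", None)
    return ("served", canonical)


def serve_decision_allowlist(path):
    """Stronger design: only known static asset types are ever served, so a
    new sensitive file type does not need to be added to a deny-list."""
    canonical = canonicalize(path)
    if not canonical.lower().endswith(ALLOWED_SUFFIXES):
        return ("refused", None)
    return ("served", canonical)
```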
 
ID: CVE-2021-40444
Title: Microsoft MSHTML Remote Code Execution Vulnerability
Vendor: Microsoft
Description: MSHTML is the Internet Explorer web browser’s rendering engine, though many Office documents also use this engine. If an adversary were to successfully exploit this vulnerability, they could remotely execute code on the victim machine or gain complete control.
Attackers are using a .DOCX file. Upon opening it, the document loads the Internet Explorer engine to render a remote web page from the threat actor. Malware is then downloaded using a specific ActiveX control in the web page. Execution of the threat is done using "a trick called 'Cpl File Execution'", as referenced in Microsoft's advisory.
 
ID: CVE-2021-36965
Title: Windows WLAN AutoConfig Service Remote Code Execution Vulnerability
Vendor: Microsoft
Description: This vulnerability could allow network adjacent attackers to run their code on affected systems at SYSTEM level. This means an attacker could completely take over the target – provided they are on an adjacent network. This would be highly useful in a coffee shop scenario where multiple people are using an unsecured WiFi network. Still, this requires no privileges or user interaction, so don’t let the adjacent aspect of this bug diminish the severity.

Best regards,

CREODIAS Team