A Java deserialization vulnerability exists in the QRadar RemoteJavaScript Servlet. An authenticated user can call one of the vulnerable methods and cause the Servlet to deserialize arbitrary objects. An attacker can exploit this vulnerability by creating a specially crafted (serialized) object, which amongst other things can result in a denial of service, change of system settings, or execution of arbitrary code. This issue was successfully verified on QRadar Community Edition version 7.3.1.6 (7.3.1 Build 20180723171558).
0f8533fd0513dc351a0c6bb51c862f6156842187d3e72a38a9b78ea74a771878A file hijacking vulnerability was found in the Microsoft OneDrive client. This vulnerability allows a local attacker to plant a DLL file on the local machine. This DLL will then be loaded whenever (another) user launches OneDrive, running with the privileges of the victim. This issue was successfully verified on Microsoft OneDrive version 19.232.1124.0010.
cdf89cfe735b764a683421b596c19e1fa3faa2afa4b22a2a0becf3b682b9ff97Cisco AnyConnect Secure Mobility Client for Windows version 4.8.01090 suffer from a privilege escalation vulnerability due to insecure handling of path names.
8ee614424eee5c4644b331ca89e2c2afc6470c9c8941cb5e0f7d3280686ef76cQRadar Community Edition version 7.3.1.6 has a path traversal that exists in the session validation functionality. In particular, the vulnerability is present in the part that handles session tokens (UUIDs). QRadar fails to validate if the user-supplied token is in the correct format. Using path traversal it is possible for authenticated users to impersonate other users, and also to executed arbitrary code (via Java deserialization). The code will be executed with the privileges of the Tomcat system user.
d0089d965548cc9ad0cf3335b0445c8f608d84826c153acdf719f7a4d672de9aQRadar Community Edition version 7.3.1.6 suffers from an authorization bypass vulnerability.
eaefd76762cac1aef9a9ba909eae0231fa2f6033f281a8d3c45881d26db41f86QRadar Community Edition version 7.3.1.6 is vulnerable to instantiation of arbitrary objects based on user-supplied input. An authenticated attacker can abuse this to perform various types of attacks including server-side request forgery and (potentially) arbitrary execution of code.
79acda4a95f3ff77796484c45f9a5e4263e1e7678990f7cefeb06fe52b21e965QRadar Community Edition version 7.3.1.6 suffers from a php object injection vulnerability.
f3ead7ab6cd9ff80673ed0eb62aee04ea3cf3ec0b0842fbda2123d7595ae9847QRadar Community Edition version 7.3.1.6 suffers from a local privilege escalation due to insecure file permissions with run-result-reader.sh.
715d99b55d854b8fb9614afe2a7874cfe20587ea62fbe0dc00f243f7d7096d49QRadar Community Edition version 7.3.1.6 suffers from a reflective cross site scripting vulnerability in the Forensics link analysis page.
de763810bd2f7fcedfeb5bef3c398e9153a25a188ec90a611064997aac9a057bQRadar Community Edition version 7.3.1.6 suffers from cross site request forgery and weak access control vulnerabilities.
1caf5adfef98f5b24c0b2fa37febb95cb109d5510d52d085c81c9c3de940faf4QRadar Community Edition version 7.3.1.6 has an issue where the RssFeedItem class of the QRadar web application is used to fetch and parse RSS feeds. No validation is performed on the user-supplied RSS feed URL. Due to the lack of URL validation (whitelisting), it is possible for authenticated attackers to execute Server-Side Request Forgery attacks. Using this issue it is possible to call the Apache Axis AdminService webservice in order to execute arbitrary code with the privileges of the Tomcat user.
c78ec41b4d8e07a1a88990b1959fd41ff5c7e8f2a7dc9c0d3bc5f59588faaa55QRadar Community Edition version 7.3.1.6 is deployed with a default password for the ConfigServices account. Using this default password it is possible to download configuration sets containing sensitive information, including (encrypted) credentials and host tokens. With these host tokens it is possible to access other parts of QRadar.
7b24d2b362e3b645c36d7e340f45ee8ed555752f025a186acb8909e63ea7536dA vulnerability was found in the TrueVector Internet Monitor service, which is installed as part of the Check Point ZoneAlarm firewall. This vulnerability allows a local attacker to cause the affected service to change the file permissions of arbitrary local files. After the file permissions have been changed, the attacker can then overwrite its content, and ultimately gain elevated privileges on the vulnerable machine. This vulnerability was successfully verified on ZoneAlarm Free Firewall version 15.8.023.18219 and TrueVector Internet Monitor version 15.8.7.18219.
02f488ac378d0162d935ec047a7f4397a62ed4cbe4aebb0d1d4566f204e6add5Ivanti Workspace Control contains a flaw where it is possible to access folders that should be protected by Data Security. A local attacker can bypass these restrictions using localhost UNC paths. Depending on the NTFS permissions it may be possible for local users to access files and folders that should be protected using Data Protection. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.
507e3c9cc2d0a60cb3923378de3e647c3ee8b937f4097ddf9a6615c71a46daf9A flaw was found in Workspace Control that allows a local unprivileged user to retrieve the database or Relay server credentials from the Windows Registry. These credentials are encrypted, however the encryption that is used is reversible. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.
964ae3397201993a0875edfc0ea849d24a6d6bd09383d580016c683c5209f357It was found that Ivanti Workspace Control allows a local (unprivileged) attacker to run arbitrary commands with Administrator privileges. This issue can be exploited by spawning a new Composer process, injecting a malicious thread in this process. This thread connects to a Named Pipe and sends an instruction to a service to launch an attacker-defined application with elevated privileges. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.
8258dbf9be109afe0d7a02ca62f333c5c39f3e9e6c52f1ae3f17a46f22ef8ecaIt was found that the PowerGrid application can be used to run arbitrary commands via the /SEE command line option. An attacker can abuse this issue to bypass Application Whitelisting in order to run arbitrary code on the target machine. This issue was successfully verified on Ivanti Workspace Control version 10.2.950.0.
d22755c11b4351cbedb8fccbfeb8f10b0a0fd56433daae7099f4a1f97ebe9bcbIt was found that the PowerGrid application will execute rundll32.exe from a relative path when it is started with the /RWS command line option. An attacker can abuse this issue to bypass Application Whitelisting in order to run arbitrary code on the target machine. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1.
247ebbfbc6e429e14f49ffdb9bfdcf441bfb4a187e2d9cb26ed36d4cf65e0153It was discovered that the Western Digital My Cloud is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the My Cloud device. This vulnerability was successfully verified on a Western Digital My Cloud model WDBCTL0020HWT running firmware version 2.30.172. This issue is not limited to the model that was used to find this vulnerability since most of the products in the My Cloud series share the same (vulnerable) code.
d932fe2ac618b65b67fd2884481f4279bcc3c61802d9521bc7877fecf8dee16bZimbra Collaboration Suite version 8.7.11_GA_1854 suffers from a cross site scripting vulnerability.
099f87fddf07da704f9a67a7b4979ce0266914e76497434c8d04de08bbcff92aSeagate Media Server on a Seagate Personal Cloud model SRN21C running firmware version 4.3.16.0 suffers from an unauthenticated arbitrary file and folder deletion vulnerability.
f3f389a36fe31dac25043a5e92d7942a029fddff9e00419ed4f652efc9e5e14cVTech DigiGo with firmware 83.60630 suffers from a browser overlay attack vulnerability.
a08bb9d4f448fbb6f9f63a559f19f3797bec827496e85a2dc0d075a49501d4feKaseya VSA version 9.2 suffers from an authentication bypass vulnerability.
e785da11616e7a87313aa682bf3a5d5846991c50c08eb3af26d282128488274bKaseya VSA version 9.2 suffers from a remote shell upload vulnerability.
3194d2bc7ec7bf4ca1d8cc6d614abed584d5a7059e33e7ada477b3d959687b05VTech DigiGo with firmware version 83.60630 fails to perform validation of TLS certificates.
f9da9299e285b5c8f647f4ba06b7a3c22775d378407e62fae4db31ce2e6430e4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed