Monthly Archive: July 2019

Intersystems Cache 2017.2.2.865.0 allows XXE. Date published : 2019-07-11 https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities

Intersystems Cache 2017.2.2.865.0 has Incorrect Access Control. Date published : 2019-07-11 https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities

Intersystems Cache 2017.2.2.865.0 allows XSS. Date published : 2019-07-11 https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities

Cloudera Manager through 5.15 has Incorrect Access Control. Date published : 2019-07-11 https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#cloudera_manager

Any URLs with download_attachment.php under templates or home folders can allow arbitrary files downloaded without login in BroadLearning eClass before version ip.2.5.10.2.1. Date published : 2019-07-11 http://surl.twcert.org.tw/aTxze https://tvn.twcert.org.tw/taiwanvn/TVN-201906004

Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control, a different issue than CVE-2018-19588. This occurs because of incorrect protection of VPN certificates (used for initiating a VPN session to the Alarm.com infrastructure) on the...

A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected...

VMware ESXi 6.5 suffers from partial denial of service vulnerability in hostd process. Patch ESXi650-201907201-UG for this issue is available. Date published : 2019-07-11 http://www.securityfocus.com/bid/109130 https://www.vmware.com/security/advisories/VMSA-2019-0011.html

IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. IBM X-Force ID: 160015. Date published : 2019-07-11 https://www.ibm.com/support/docview.wss?uid=ibm10882412 https://exchange.xforce.ibmcloud.com/vulnerabilities/160015

IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or...

IBM Application Performance Management (IBM Monitoring 8.1.4) could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names. IBM X-Force ID: 158270. Date published : 2019-07-11 https://www.ibm.com/support/docview.wss?uid=ibm10957121...

IBM Multicloud Manager 3.1.0, 3.1.1, and 3.1.2 ibm-mcm-chart could allow a local attacker with admin privileges to obtain highly sensitive information upon deployment. IBM X-Force ID: 158144. Date published : 2019-07-11 http://www.securityfocus.com/bid/109147 http://www.ibm.com/support/docview.wss?uid=ibm10885290

A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. An attacker could use this flaw to steal authorization data by getting them...

ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traversal vulnerability. Due to path traversal,users can download any files. Date published : 2019-07-11 http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011082