dcsimg

IT Security Vulnerability Roundup – April 2019

SHARE
Share it on Twitter  
Share it on Facebook  
Share it on Linked in  
Email  

With dozens if not hundreds of security vulnerabilities disclosed every month, it can be a challenge to keep up. Below, we take a closer look at a dozen of them, all with CVSS scores of 9.8 or higher, that were disclosed within the past few weeks.

1. Code Execution Vulnerability in Several TIBCO Products

CVE identifier: CVE-2019-8992

CVSS Base Score: 9.9

The vulnerability: A wide range of TIBCO products (TIBCO ActiveMatrix BPM versions 4.2.0 and below, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions 4.2.0 and below, TIBCO ActiveMatrix Policy Director versions 1.1.0 and below, TIBCO ActiveMatrix Service Bus versions 3.3.0 and below, TIBCO ActiveMatrix Service Grid versions 3.3.1 and below, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric versions 3.3.0 and below, TIBCO Silver Fabric Enabler for ActiveMatrix BPM versions 1.4.1 and below, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid versions 1.3.1 and below) could allow a remote authenticated attacker to execute arbitrary code on the system, due to a flaw  in the administrative server.

The fix: TIBCO has released software updates and workarounds to address the issue.

More info: IBM X-Force has details here, and TIBCO has more information here.

2. Four Critical Vulnerabilities in Sierra Wireless AirLink ES450

CVE identifiers: CVE-2019-4061, CVE-2019-4063, CVE-2019-4072, CVE-2019-4073

CVSS Base Scores: 9.9, 9.9, 9.9, 9.9

The vulnerabilities: Four critical vulnerabilities exist in Sierra Wireless AirLink ES450 devices. A flaw in the ACEManager iplogging.cgi function could allow an attacker to execute arbitrary commands on the system, improper validation of file extensions by the upload.cgi script could enable an attacker to upload a malicious file and execute arbitrary code, and two flaws in the ACEManager EmbeddedAceSet_Task.cgi function could allow an attacker to bypass security restrictions and write arbitrary settings.

The fixes: No remedies were yet available for the flaws at the time of publication.

More info: IBM X-Force has details here, here, here and here.

3. Two Vulnerabilities in FreeRADIUS

CVE identifiers: CVE-2019-11234, CVE-2019-11235

CVSS Base Scores: 9.8, 9.8

The vulnerabilities: Two vulnerabilities in the eap_pwd.c source code file of FreeRADIUS could enable an unauthenticated remote attacker to conduct an invalid curve attack and an authentication spoofing attack on a targeted system.

The fix: FreeRADIUS has released software updates to address the vulnerability.

More info: Cisco has details here and here, and FreeRADIUS has more information here.

4. Security Bypass Flaw in Fujifilm FCR Capsula X/Carbon X

CVE identifier: CVE-2019-10950

CVSS Base Score: 9.8

The vulnerability: A flaw in Fujifilm FCR (Fujifilm Computed Radiography) Capsula X/Carbon X, caused by improper access control by the insecure telnet services, could allow a remote attacker to bypass security restrictions and gain access to the underlying operating system. Affected products include Fujifilm CR-IR 357 FCR Carbon X, Fujifilm CR-IR 357 FCR XC-2, and Fujifilm CR-IR 357 FCR Capsula X.

The fix: Fujifilm has not yet released updates to patch these flaws, but because these are radiography cassette readers and therefore considered critical infrastructure for healthcare and public health, the U.S. Department of Homeland Security has advice on workarounds here.

More info: IBM X-Force has details here.

5. Code Execution Flaw in Oracle WebLogic Server

CVE identifier: CVE-2019-2725

CVSS Base Score: 9.8

The vulnerability: A vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware, caused by improper deserialization, could enable a remote attacker to execute arbitrary code on the system.

The fix: Oracle has released software updates to address the vulnerability.

More info: IBM X-Force has details here, and Oracle has more information here.

6. Off-Path Attack Vulnerability in Network Time Protocol

CVE identifier: CVE-2019-11331

CVSS Base Score: 9.8

The vulnerability: A flaw in Network Time Protocol (NTP), due to improper use of port 123, could allow an attack to conduct an off-path attack, resulting in complete system compromise.

The fix: NTP.org had not yet released patches at the time of publication.

More info: Cisco has details here.

7. Cloud Foundry Code Execution Flaw

CVE identifier: CVE-2019-3801

CVSS Base Score: 9.8

The vulnerability: A vulnerability in Cloud Foundry cf-deployment (versions prior to 7.9.0), caused by using an insecure protocol to fetch dependencies when building, could allow a remote attacker to execute arbitrary code on a targeted system.

The fix: Cloud Foundry has released software updates to address the vulnerability.

More info: IBM X-Force has details here, and Cloud Foundry has more information here.

8. SQL Injection Vulnerability in Nagios XI API

CVE identifier: CVE-2019-2725

CVSS Base Score: 9.8

The vulnerability: A vulnerability in the Nagios XI API, caused by insufficient validation of user-supplied input, could enable an unauthenticated remote attacker to conduct a SQL injection attack on a targeted system.

The fix: Nagios has released software updates to address the vulnerability.

More info: Cisco has details here, and Nagios has more information here.

9. Remote Code Execution Flaw in Rails Development Mode

CVE identifier: CVE-2019-5420

CVSS Base Score: 9.8

The vulnerability: A flaw in the development mode of Rails, caused by unsafe use of the automatically generated development mode secret token, could enable an attacker to guess the secret token and execute arbitrary code on a targeted system.

The fix: Rails has released software updates to address the vulnerability.

More info: Cisco has details here, and Rails has more information here.

10. XML External Entity Vulnerability in Apache PDFBox

CVE identifier: CVE-2019-0228

CVSS Base Score: 9.8

The vulnerability: A vulnerability in Apache PDFBox, caused by improper initializing of the XML parser, could allow an unauthenticated remote attacker to conduct an XML External Entity (XXE) attack on a targeted system, which could then be used to conduct further attacks.

The fix: Apache has released software updates to address the vulnerability.

More info: Cisco has details here, and Apache has more information here.

11. Information Disclosure Flaw in Portainer

CVE identifier: CVE-2019-19466

CVSS Base Score: 9.8

The vulnerability: A flaw in Portainer, caused by the fact that the software stores LDAP credentials in clear text and performs insufficient security checks on API calls that allow the retrieval of LDAP credentials, could enable an attacker to access sensitive information on a targeted system.

The fix: Portainer has released software updates to address the vulnerability.

More info: Cisco has details here, and Portainer has more information here.

12. Arbitrary Code Execution Flaw in Apache Tomcat

CVE identifier: CVE-2019-0232

CVSS Base Score: 9.8

The vulnerability: A vulnerability in the CGI Servlet of Apache Tomcat, caused when enableCmdLineArguments is enabled on a Windows system and the Java Runtime Environment (JRE) passes command-line arguments to the system, could allow an unauthenticated remote attacker to execute arbitrary code on a targeted system.

The fix: The Apache Software Foundation is in the process of releasing software updates to address the vulnerability.

More info: Cisco has details here, and the Apache Software Foundation has more information here.

 

Looking for more? Last month’s vulnerability roundup can be found here.