CISA: Vulnerability Summary for the Week of April 25, 2022


Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

05/02/2022 06:16 AM EDT


Original release date: May 2, 2022

High Vulnerabilities

Columns: Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info

jfinalcms_project — jfinalcms
JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function.
Published: 2022-04-22 | CVSS Score: 7.5 | CVE-2022-27341 | Source & Patch Info: MISC

link-admin_project — link-admin
Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerability via DictRest.ResponseResult().
Published: 2022-04-22 | CVSS Score: 7.5 | CVE-2022-27342 | Source & Patch Info: MISC

Medium Vulnerabilities

Columns: Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info

ibm — cognos_analytics
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399.
Published: 2022-04-22 | CVSS Score: 6.8 | CVE-2021-38886 | Source & Patch Info: XF, CONFIRM

pimcore — pimcore
SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of stealing the data.
Published: 2022-04-22 | CVSS Score: 5 | CVE-2022-1429 | Source & Patch Info: MISC, CONFIRM

ibm — cognos_analytics
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. IBM X-Force ID: 209693.
Published: 2022-04-22 | CVSS Score: 4.3 | CVE-2021-38904 | Source & Patch Info: XF, CONFIRM

microweber — microweber
Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a payload that runs without user interaction.
Published: 2022-04-22 | CVSS Score: 4.3 | CVE-2022-1439 | Source & Patch Info: CONFIRM, MISC

crypt-server_project — crypt-server
Crypt Server before 3.3.0 allows XSS in the index view. This is related to serial, computername, and username.
Published: 2022-04-22 | CVSS Score: 4.3 | CVE-2022-29589 | Source & Patch Info: MISC, MISC

ibm — cognos_analytics
IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813.
Published: 2022-04-22 | CVSS Score: 4 | CVE-2021-20464 | Source & Patch Info: CONFIRM, XF

ibm — cognos_analytics
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to privilege escalation where a lower level user could have read access to the 'Data Connections' page to which they don't have access. IBM X-Force ID: 204468.
Published: 2022-04-22 | CVSS Score: 4 | CVE-2021-29824 | Source & Patch Info: CONFIRM, XF

ibm — cognos_analytics
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697.
Published: 2022-04-22 | CVSS Score: 4 | CVE-2021-38905 | Source & Patch Info: XF, CONFIRM

Low Vulnerabilities

Columns: Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info

ibm — cognos_analytics
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 209691.
Published: 2022-04-22 | CVSS Score: 3.5 | CVE-2021-38903 | Source & Patch Info: CONFIRM, XF

ibm — cognos_analytics
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240.
Published: 2022-04-22 | CVSS Score: 3.5 | CVE-2021-38946 | Source & Patch Info: CONFIRM, XF

Severity Not Yet Assigned

Columns: Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info

artifex — ghostscript
Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839.
Published: 2022-04-25 | CVSS Score: not yet calculated | CVE-2019-25059 | Source & Patch Info: MISC, MLIST

wordpress — dw_question_&_answer_pro_wordpress_plugin
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments.
Published: 2022-04-25 | CVSS Score: not yet calculated | CVE-2021-24800 | Source & Patch Info: MISC

wordpress — dw_question_&_answer_pro_wordpress_plugin
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as update a comment or a question status.
Published: 2022-04-25 | CVSS Score: not yet calculated | CVE-2021-24805 | Source & Patch Info: MISC

wordpress — advanced_page_visit_counter_wordpress_plugin
The Advanced Page Visit Counter WordPress plugin through 5.0.8 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection.
Published: 2022-04-25 | CVSS Score: not yet calculated | CVE-2021-24957 | Source & Patch Info: MISC

wordpress — tatsu_wordpress_plugin
The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker.
Published: 2022-04-25 | CVSS Score: not yet calculated | CVE-2021-25094 | Source & Patch Info: MISC, MISC

wordpress — english_wordpress_admin_wordpress_plugin
The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users to it, leading to an open redirect issue.
Published: 2022-04-25 | CVSS Score: not yet calculated | CVE-2021-25111 | Source & Patch Info: MISC

sophos — authenticator_for_android
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.
Published: 2022-04-27 | CVSS Score: not yet calculated | CVE-2021-25266 | Source & Patch Info: CONFIRM

maxboard — maxboard
Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading a file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary files disguising them as image files.
Published: 2022-04-26 | CVSS Score: not yet calculated | CVE-2021-26628 | Source & Patch Info: MISC

tobesoft — xplatform
A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be created in the parent path by using the path traversal pattern '..\'.
Published: 2022-04-26 | CVSS Score: not yet calculated | CVE-2021-26629 | Source & Patch Info: MISC

ibm — qradar_siem
IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user's dashboard providing the dashboard ID of that user. IBM X-Force ID: 203030.
Published: 2022-04-27 | CVSS Score: not yet calculated | CVE-2021-29776 | Source & Patch Info: CONFIRM, XF

nomachine — nomachine_for_windows
NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM.
Published: 2022-04-28 | CVSS Score: not yet calculated | CVE-2021-33436 | Source & Patch Info: MISC, MISC, MISC, MISC

bender/ebee — charge_controllers
In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable.
Published: 2022-04-27 | CVSS Score: not yet calculated | CVE-2021-34587 | Source & Patch Info: CONFIRM

bender/ebee — charge_controllers
In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot.
Published: 2022-04-27 | CVSS Score: not yet calculated | CVE-2021-34588 | Source & Patch Info: CONFIRM

bender/ebee — charge_controllers
In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface.
Published: 2022-04-27 | CVSS Score: not yet calculated | CVE-2021-34589 | Source & Patch Info: CONFIRM

bender/ebee — charge_controllers
In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed.
Published: 2022-04-27 | CVSS Score: not yet calculated | CVE-2021-34590 | Source & Patch Info: CONFIRM

bender/ebee — charge_controllers
In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip, udhcpc and ifplugd.
Published: 2022-04-27 | CVSS Score: not yet calculated | CVE-2021-34591 | Source & Patch Info: CONFIRM

bender/ebee — charge_controllers
In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields.
Published: 2022-04-27 | CVSS Score: not yet calculated | CVE-2021-34592 | Source & Patch Info: CONFIRM

bender/ebee — cc612
In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI.
Published: 2022-04-27 | CVSS Score: not yet calculated | CVE-2021-34601 | Source & Patch Info: CONFIRM

bender/ebee — charge_controllers
In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges.
Published: 2022-04-27 | CVSS Score: not yet calculated | CVE-2021-34602 | Source & Patch Info: CONFIRM

3scale — apicast
A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address.
Published: 2022-04-27 | CVSS Score: not yet calculated | CVE-2021-3523 | Source & Patch Info: MISC

solarwinds — serv-u
A researcher reported a Directory Traversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.
Published: 2022-04-25 | CVSS Score: not yet calculated | CVE-2021-35250 | Source & Patch Info: MISC, MISC

metasys — ads/adx/oas
Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator.
Published: 2022-04-29 | CVSS Score: not yet calculated | CVE-2021-36207 | Source & Patch Info: CERT, CONFIRM

veryfitpro — veryfitpro
VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to take over a user's account, rendering the benefits of storing hashed passwords in the database useless.
Published: 2022-04-25 | CVSS Score: not yet calculated | CVE-2021-36460 | Source & Patch Info: MISC, MISC, MISC

wordpress — alexander_ustimenko's_psychological_tests_&_quizzes_plugin
Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher user rights.
Published: 2022-04-26 | CVSS Score: not yet calculated | CVE-2021-36867 | Source & Patch Info: CONFIRM, CONFIRM

tripetto — tripetto_plugin
Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's Tripetto plugin <= 5.1.4 on WordPress via SVG image upload.
Published: 2022-04-26 | CVSS Score: not yet calculated | CVE-2021-36895 | Source & Patch Info: CONFIRM, CONFIRM

lenovo — pcmanager
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error.
Published: 2022-04-22 | CVSS Score: not yet calculated | CVE-2021-3721 | Source & Patch Info: MISC

lenovo — pcmanager
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation.
Published: 2022-04-22 | CVSS Score: not yet calculated | CVE-2021-3722 | Source & Patch Info: MISC

lenovo — multiple_products
An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.
Published: 2022-04-22 | CVSS Score: not yet calculated | CVE-2021-3849 | Source & Patch Info: CONFIRM

ibm — qradar_siem
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceed their idle timeout. IBM X-Force ID: 208341.
Published: 2022-04-27 | CVSS Score: not yet calculated | CVE-2021-38869 | Source & Patch Info: CONFIRM, XF

ibm — qradar_siem
IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397.
Published: 2022-04-27 | CVSS Score: not yet calculated | CVE-2021-38874 | Source & Patch Info: XF, CONFIRM

ibm — qradar
IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchange without entity authentication. IBM X-Force ID: 208756.
Published: 2022-04-27 | CVSS Score: not yet calculated | CVE-2021-38878 | Source & Patch Info: CONFIRM, XF

ibm — qradar_siem
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some scenarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021.
Published: 2022-04-27 | CVSS Score: not yet calculated | CVE-2021-38919 | Source & Patch Info: CONFIRM, XF

ibm — qradar_siem
IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by a user with access to creating domains. IBM X-Force ID: 211037.
Published: 2022-04-27 | CVSS Score: not yet calculated | CVE-2021-38939 | Source & Patch Info: XF, CONFIRM

ibm — infosphere_information_server
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211408.
Published: 2022-04-28 | CVSS Score: not yet calculated | CVE-2021-38952 | Source & Patch Info: CONFIRM, XF

lenovo — multiple_products
An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.
Published: 2022-04-22 | CVSS Score: not yet calculated | CVE-2021-3897 | Source & Patch Info: CONFIRM

motorola — multiple_products
Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate which could lead to the communication channel being accessible by an attacker.
Published: 2022-04-22 | CVSS Score: not yet calculated | CVE-2021-3898 | Source & Patch Info: MISC

ibm — planning_analytics_workspace
IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to a victim for performing further attacks. IBM X-Force ID: 214025.
Published: 2022-04-25 | CVSS Score: not yet calculated | CVE-2021-39040 | Source & Patch Info: XF, CONFIRM

ibm — urbancode_deploy
IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Published: 2022-04-29 | CVSS Score: not yet calculated | CVE-2021-39082 | Source & Patch Info: CONFIRM, XF

lenovo — lenovovariable_smi_handler
A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code.
Published: 2022-04-22 | CVSS Score: not yet calculated | CVE-2021-3970 | Source & Patch Info: MISC

lenovo — notebook
A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable.
Published: 2022-04-22 | CVSS Score: not yet calculated | CVE-2021-3971 | Source & Patch Info: MISC

lenovo — notebook
A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
Published: 2022-04-22 | CVSS Score: not yet calculated | CVE-2021-3972 | Source & Patch Info: MISC

red_hat — gnome-shell
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine.
Published: 2022-04-29 | CVSS Score: not yet calculated | CVE-2021-3982 | Source & Patch Info: MISC, MISC

artica — proxy
There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi.
Published: 2022-04-25 | CVSS Score: not yet calculated | CVE-2021-40680 | Source & Patch Info: FULLDISC

eclipse — openj9
In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles.
Published: 2022-04-27 | CVSS Score: not yet calculated | CVE-2021-41041 | Source & Patch Info: CONFIRM, CONFIRM

novelplus — novel-plus
novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution.
Published: 2022-04-28 | CVSS Score: not yet calculated | CVE-2021-41921 | Source & Patch Info: MISC

magic_cms_msvod — magic_cms_msvod
The Magic CMS MSVOD v10 video system has a SQL injection vulnerability. Attackers can use vulnerabilities to obtain sensitive information in the database.
Published: 2022-04-29 | CVSS Score: not yet calculated | CVE-2021-41942 | Source & Patch Info: MISC

encode — oss_httpx
Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.
Published: 2022-04-28 | CVSS Score: not yet calculated | CVE-2021-41945 | Source & Patch Info: MISC, MISC, MISC, MISC, MISC

subrion_cms — subrion_cms
A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS <= 4.2.1 version via "List of subjects".
Published: 2022-04-29 | CVSS Score: not yet calculated | CVE-2021-41948 | Source & Patch Info: MISC

pingidentity — pingid_windows_login
A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass.
Published: 2022-04-30 | CVSS Score: not yet calculated | CVE-2021-41992 | Source & Patch Info: MISC, MISC

pingidentity — pingid_android
A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.
Published: 2022-04-30 | CVSS Score: not yet calculated | CVE-2021-41993 | Source & Patch Info: MISC, MISC

pingidentity — pingid_ios
A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.
Published: 2022-04-30 | CVSS Score: not yet calculated | CVE-2021-41994 | Source & Patch Info: MISC, MISC

pingidentity — pingid_desktop
PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP.
Published: 2022-04-30 | CVSS Score: not yet calculated | CVE-2021-42001 | Source & Patch Info: MISC, MISC

qemu — qemu
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
Published: 2022-04-29 | CVSS Score: not yet calculated | CVE-2021-4206 | Source & Patch Info: MISC, MISC

qemu — qemu
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
Published: 2022-04-29 | CVSS Score: not yet calculated | CVE-2021-4207 | Source & Patch Info: MISC, MISC

lenovo — nvme_driver
A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.
Published: 2022-04-22 | CVSS Score: not yet calculated | CVE-2021-4210 | Source & Patch Info: MISC

lenovo — smbios_event_log_driver
A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.
Published: 2022-04-22 | CVSS Score: not yet calculated | CVE-2021-4211 | Source & Patch Info: MISC

lenovo — legacy_bios_mode_driver
A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.
Published: 2022-04-22 | CVSS Score: not yet calculated | CVE-2021-4212 | Source & Patch Info: MISC

wordpress — sp_project_&_document_manager_wordpress_plugin
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites.
Published: 2022-04-25 | CVSS Score: not yet calculated | CVE-2021-4225 | Source & Patch Info: MISC, MISC

elcomplus — smartptt
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system.
Published: 2022-04-28 | CVSS Score: not yet calculated | CVE-2021-43930 | Source & Patch Info: (none listed)
