Cloud Threats and Priorities as We Head Into the Second Half of 2020

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-14202
PUBLISHED: 2020-06-22

WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrary URL parameters.

CVE-2020-14203
PUBLISHED: 2020-06-22

WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request Forgery (CSRF) attack against administrative users within the /ibi_apps/WFServlet(.ibfs) endpoint. The impact may be creation of an administrative user. It can also be exploited in conjunction with CVE-2016-9044.

CVE-2020-14204
PUBLISHED: 2020-06-22

In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibi_apps/WFServlet.cfg because XML external entity injection is possible. This is related to making changes t…

CVE-2020-14461
PUBLISHED: 2020-06-22

Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI.

CVE-2020-14966
PUBLISHED: 2020-06-22

An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and ‘0’ characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a sec…
