CVE-2020-4931

IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747.
Source: NIST

CVE-2020-11988

Apache XmlGraphics Commons 2.4 is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
Source: NIST

CVE-2020-11987

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
Source: NIST

CrowdStrike Slams Microsoft Over SolarWinds Hack

The United States Senate’s select committee on intelligence met yesterday to hear evidence from tech executives regarding the historic hack on Texas-based company SolarWinds.

Government agencies issued emergency directives in December after cybersecurity company FireEye detected a supply-chain attack trojanizing SolarWinds’ Orion business software updates to distribute malware.

Using SolarWinds and Microsoft programs, hackers believed to have been working for Russia attacked nine federal agencies and around 100 American companies.

The committee heard that both the scale and sophistication of the attack were greater than had previously been thought. Microsoft president Brad Smith said the attack “was the largest and most sophisticated sort of operation that we have seen” and that he believed it was the work of “at least 1,000 very skilled, very capable engineers.”

The true impact of the attack may never be gauged, as victims are only required by law to disclose cyber-attacks that expose individuals’ private data.

During the attack, hackers were able to read Microsoft’s source code for how its programs authenticate users and then manipulate those programs to access new areas inside victims’ networks.

Smith said that this had been made possible not through any errors on Microsoft’s part, but as the result of customers’ configuration mistakes and other errors that meant “the keys to the safe and the car were left out in the open.”

CrowdStrike’s chief executive George Kurtz said the hackers were able to exploit Microsoft’s overly complicated and “antiquated” architecture.

“The threat actor took advantage of systemic weaknesses in the Windows authentication architecture, allowing it to move laterally within the network” and reach the cloud environment while bypassing multifactor authentication, said Kurtz.

To increase national cybersecurity, Smith called for companies to improve information-sharing about cyber-attacks. Kurtz called for Microsoft to fix issues existing in Active Directory and Azure.

He said: “Should Microsoft address the authentication architecture limitations around Active Directory and Azure Active Directory, or shift to a different methodology entirely, a considerable threat vector would be completely eliminated from one of the world’s most widely used authentication platforms.”

Senator Mark Warner pointed out that 30% of the victims did not have Orion software installed and that they were attacked via other methods. Mandiant CEO Kevin Mandia said that the main attack tactic deployed by hackers was password spray—trying common or reused passwords against accounts en masse.
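The password-spray pattern Mandia describes (one source, one or two guesses each against many accounts) is easy to miss with per-account lockout rules, which only count attempts per user. The following detection logic is an added example and is not part of the Infosecurity report or any vendor's tooling; the log format is an assumption (ISO-8601 timestamp, source IP, account, result) and the log lines are constructed so that it runs offline.

```python
"""Password-spray detection over authentication log lines.

Added example, not part of the Infosecurity report or any vendor tooling.
The log format is assumed and the lines are constructed: ISO-8601 timestamp,
source IP, account name, result (FAIL or SUCCESS).
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 203.0.113.7 tries one guess against many accounts and
# gets in as "frank"; 198.51.100.4 is one user mistyping their own password.
SAMPLE_LOG = """\
2021-02-23T09:00:01Z 203.0.113.7 alice FAIL
2021-02-23T09:00:02Z 203.0.113.7 bob FAIL
2021-02-23T09:00:03Z 203.0.113.7 carol FAIL
2021-02-23T09:00:04Z 203.0.113.7 dave FAIL
2021-02-23T09:00:05Z 203.0.113.7 erin FAIL
2021-02-23T09:00:06Z 203.0.113.7 frank SUCCESS
2021-02-23T09:05:00Z 198.51.100.4 grace FAIL
2021-02-23T09:05:10Z 198.51.100.4 grace FAIL
2021-02-23T09:05:20Z 198.51.100.4 grace SUCCESS
"""


def parse_line(line):
    """Split one log line into (timestamp, source, account, result)."""
    ts, src, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, user, result


def detect_spray(log_text, window=timedelta(minutes=10), min_accounts=5):
    """Flag sources whose failures span at least `min_accounts` distinct
    accounts within any `window`-long sliding window.

    Spray looks like many accounts, few attempts each, one source; a single
    account hit many times (brute force) is deliberately not flagged here.
    Returns {source: {"sprayed": [accounts], "succeeded": [accounts]}}
    where "succeeded" lists accounts that logged in from a flagged source,
    i.e. the ones to treat as compromised.
    """
    failures = defaultdict(list)   # src -> [(ts, account)]
    successes = defaultdict(set)   # src -> {account}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, user, result = parse_line(line)
        if result == "FAIL":
            failures[src].append((ts, user))
        elif result == "SUCCESS":
            successes[src].add(user)

    hits = {}
    for src, fails in failures.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # advance the window start until the span fits inside `window`
            while fails[end][0] - fails[start][0] > window:
                start += 1
            accounts = {user for _, user in fails[start:end + 1]}
            if len(accounts) >= min_accounts:
                hits[src] = {
                    "sprayed": sorted(accounts),
                    "succeeded": sorted(successes.get(src, ())),
                }
                break
    return hits


if __name__ == "__main__":
    for src, info in detect_spray(SAMPLE_LOG).items():
        print(src, "sprayed", info["sprayed"], "succeeded", info["succeeded"])
```

The thresholds are tuning knobs: a real deployment keys on source IP plus user agent or ASN, because sprays are routinely spread across many source addresses, and it should also count accounts that do not exist, since sprayers enumerate from leaked address lists. The "succeeded" list is the actionable output: any account that authenticated from a spraying source needs a credential reset and a session review.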


Source: Infosecurity

The Realities of Extended Detection and Response (XDR) Technology

While the term XDR has become pervasive, the technology and market remain a work in progress with lots of innovation and market confusion.
Source: DarkReading

CVE-2021-22667

BB-ESWGP506-2SFP-T versions 1.01.09 and prior are vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T (versions 1.01.01 and prior).
Source: NIST

CVE-2021-21974

OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.
Source: NIST

CVE-2020-27224

In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview), can be exploited to execute arbitrary code.
Source: NIST

CVE-2020-7836

VOICEYE WSActiveBridgeES versions prior to 2.1.0.3 contain a stack-based buffer overflow vulnerability caused by improper bounds checking of an attacker-supplied parameter. The overflow is triggered when a user accesses a crafted web page.
Source: NIST

CVE-2021-21973

The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to the vCenter Server plugin, leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
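The three SSRF entries on this page (CVE-2020-11988 in XmlGraphics Commons, CVE-2020-11987 in Batik, and this vCenter Server plugin issue) all come down to the same missing step: the server fetched a URL it received without first deciding whether that target was acceptable. The following guard is an added example of that check and is not code from Apache XmlGraphics Commons, Apache Batik or VMware. The resolver is injectable and the DNS answers (`example.com`, `internal.corp`, `rebind.test` and their addresses) are constructed so that the example runs offline; the allowed schemes and ports are assumptions to adjust per deployment.

```python
"""Server-side URL validation against SSRF.

Added example; not code from Apache XmlGraphics Commons, Apache Batik or the
vSphere Client. It shows the checks a server should apply to an externally
supplied URL before fetching it. `resolver` is injectable so the example can
run offline against constructed DNS answers.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}   # assumption: no file:, gopher:, ftp:, ...
ALLOWED_PORTS = {80, 443}             # assumption: no admin/management ports


def system_resolver(host):
    """Resolve `host` with real DNS; returns a list of address strings."""
    return [info[4][0].split("%")[0]          # drop any IPv6 scope id
            for info in socket.getaddrinfo(host, None)]


def is_public_address(text):
    """True only for globally routable unicast addresses. IPv4-mapped IPv6
    (::ffff:127.0.0.1) is unwrapped so it cannot smuggle a loopback target."""
    ip = ipaddress.ip_address(text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_url(url, resolver=system_resolver):
    """Return (allowed, reason, addresses). `addresses` are the resolved
    targets the caller should connect to directly instead of re-resolving
    the name later, which closes the DNS-rebinding gap between check and fetch."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed", []
    if parts.username is not None or parts.password is not None:
        return False, "userinfo not allowed", []
    host = parts.hostname
    if not host:
        return False, "missing host", []
    try:
        port = parts.port
    except ValueError:
        return False, "malformed port", []
    if port is None:
        port = 443 if scheme == "https" else 80
    if port not in ALLOWED_PORTS:
        return False, "port not allowed", []
    try:
        addresses = [str(ipaddress.ip_address(host))]   # IP literal
    except ValueError:
        try:   # hostname, including encodings like "2130706433" the OS may accept
            addresses = resolver(host)
        except (socket.gaierror, OSError):
            return False, "unresolvable host", []
    if not addresses:
        return False, "unresolvable host", []
    # Every answer must be public: a name that resolves to one public and one
    # internal address is a classic way past checks that look at one answer.
    for addr in addresses:
        if not is_public_address(addr):
            return False, f"resolves to non-public address {addr}", []
    return True, "ok", addresses


# Constructed DNS answers so the example runs offline (not real records).
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "internal.corp": ["10.0.0.5"],
    "rebind.test": ["93.184.216.34", "127.0.0.1"],
}


def fake_resolver(host):
    if host not in FAKE_DNS:
        raise socket.gaierror(host)
    return FAKE_DNS[host]


def demo():
    """Run the guard over constructed URLs with the offline resolver."""
    urls = [
        "https://example.com/image.png",
        "http://internal.corp/admin",
        "http://127.0.0.1:8080/",
        "http://169.254.169.254/latest/meta-data/",
        "http://[::ffff:127.0.0.1]/",
        "http://rebind.test/",
        "file:///etc/passwd",
        "http://user:pw@example.com/",
    ]
    return {url: check_url(url, fake_resolver)[0] for url in urls}


if __name__ == "__main__":
    for url, allowed in demo().items():
        print("ALLOW " if allowed else "BLOCK ", url)
```

Two caveats the code cannot remove on its own: an HTTP client that follows redirects will happily fetch `http://127.0.0.1/` after a 302 from a public host, so redirects must be disabled or each hop re-checked; and the same rules belong on any other fetch path the application has (XML external entities, image references inside documents, webhooks), since that is exactly where the XMPParser and NodePickerPanel issues above were found.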
Source: NIST