October 2020

CVE-2020-5425

Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions.

Note: Foundation may be vulnerable only if:
1) The system zone is set up to use a SAML identity provider
2) There are internal users that have the same username as users in the external SAML provider
3) Those duplicate-named users have the scope to access the SSO operator dashboard
4) The vulnerability doesn’t appear with LDAP because of chained authentication.
Source: NIST
CVE-2020-5425

CVE-2020-15703

There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an unprivileged user can check for the existence of any files on the system as root.
Source: NIST
CVE-2020-15703

CVE-2020-5991

NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure.
Source: NIST
CVE-2020-5991

CVE-2020-15276

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1.
Source: NIST
CVE-2020-15276

CVE-2020-15273

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can access the file upload function category list, subsite setting list, widget area edit, and feed list on the management screen. The issue was introduced in version 4.0.0. It is fixed in version 4.4.1.
Source: NIST
CVE-2020-15273

CVE-2020-15277

baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1.
Source: NIST
CVE-2020-15277

Marriott Fined £18.4m Over Data Breach

Marriott Fined £18.4m Over Data Breach

The Information Commissioner’s Office (ICO) has fined hotel chain Marriott International £18.4m over a data breach that exposed the information of millions of guests worldwide. 



The UK’s independent body set up to uphold information rights imposed the financial penalty on Marriott for “failing to keep millions of customers’ personal data secure.”



In November 2018, Marriott reported a data breach that saw an estimated 339 million guest records exposed globally, of which around seven million related to UK residents. An investigation into the incident revealed that an unauthorized party had been accessing the network of Starwood Hotels and Resorts Worldwide Inc. since 2014, copying and encrypting information.



The attack remained undetected until September 2018, by which time Starwood had been acquired by Marriott. 



The personal data involved in the breach differed between individuals, but the ICO said that it may have included names, email addresses, phone numbers, unencrypted passport numbers, arrival/departure information, guests’ VIP status, and loyalty program membership number.



An investigation into the incident by the ICO found that Marriott “failed to put appropriate technical or organizational measures in place to protect the personal data being processed on its systems, as required by the General Data Protection Regulation (GDPR).”



However, the ICO recognized that Marriott was swift to act once the breach had been discovered, contacting customers and the ICO promptly. 



“It also acted quickly to mitigate the risk of damage suffered by customers, and has since instigated a number of measures to improve the security of its systems,” said the commissioner’s office.



In July last year, the ICO announced an intention to fine Marriott £99m over the data breach for “infringements of the GDPR.”



In a statement released yesterday, the ICO said: “As part of the regulatory process, the ICO considered representations from Marriott, the steps Marriott took to mitigate the effects of the incident and the economic impact of COVID-19 on their business before setting a final penalty.”



Although the breach dates back to 2014, the GDPR regulations only came into effect in May 2018, two years before the UK left the European Union.


Source: Infosecurity
Marriott Fined £18.4m Over Data Breach

CVE-2020-7373

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability.
Source: NIST
CVE-2020-7373