Latest Security News from RSAC 2020

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2019-3670
PUBLISHED: 2020-02-24

A remote code execution vulnerability in the web interface in McAfee Web Advisor (WA) 8.0.34745 and earlier allows a remote unauthenticated attacker to execute arbitrary code via a cross-site scripting attack.

CVE-2020-9351
PUBLISHED: 2020-02-23

An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error showing where the application resides (the a…

CVE-2020-9352
PUBLISHED: 2020-02-23

An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter.

CVE-2020-9353
PUBLISHED: 2020-02-23

An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML …

CVE-2020-9354
PUBLISHED: 2020-02-23

An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. pat…

Source: https://www.darkreading.com/attacks-breaches/latest-security-news-from-rsac-2020/d/d-id/1337045?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
