Weekly Vulnerabilities Reports > July 22 to 28, 2013

Overview

43 new vulnerabilities were reported during this period, including 9 critical and 7 high severity vulnerabilities. This weekly summary reports vulnerabilities in 46 products from 11 vendors, including HP, IBM, Cisco, Bestpractical and McAfee. The vulnerabilities fall mainly into the categories "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Cryptographic Issues", "SQL Injection" and "Improper Authentication".

  • 40 reported vulnerabilities are remotely exploitable.
  • 13 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 35 reported vulnerabilities are exploitable by an anonymous user.
  • HP has the most reported vulnerabilities, with 12.
  • IBM has the most reported critical vulnerabilities, with 7 of the 9.
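The overview figures (totals per severity band, top vendor, remote versus anonymous exploitability) can be recomputed from the entries themselves. The Python below is an added example, not code from the report's publisher: it parses a handful of entries in the same layout the tables below use and rebuilds those counts. Two things are assumptions rather than anything the report states: the severity thresholds are inferred from how this report buckets its own scores (9.0 listed as critical, 7.1 as high, 4.0 as medium, 3.5 as low), and the remote/local/anonymous classification is a heuristic on the NVD wording of each description.

```python
import re
from collections import Counter, namedtuple

# Constructed sample: eight entries taken from this report (descriptions
# shortened), laid out like the tables below: a header line with date, CVE id,
# vendor and title, then the description, then the CVSS base score.
SAMPLE_ENTRIES = """\
2013-07-26 CVE-2013-4937 Asus Unspecified vulnerability in Asus products

Multiple unspecified vulnerabilities in the AiCloud feature have unknown impact and attack vectors.

10.0
2013-07-23 CVE-2013-3012 IBM Arbitrary Code Execution vulnerability in IBM Java

Unspecified vulnerability in IBM Java allows remote attackers to affect confidentiality, availability, and integrity.

9.3
2013-07-23 CVE-2013-3009 IBM Arbitrary Code Execution vulnerability in IBM Java

The com.ibm.CORBA.iiop.ClientDelegate class allows remote attackers to call setSecurityManager and bypass the sandbox.

9.3
2013-07-23 CVE-2013-4002 IBM Denial of Service vulnerability in IBM Java

XMLscanner.java in Apache Xerces2 allows remote attackers to cause a denial of service via XML attribute names.

7.1
2013-07-22 CVE-2013-2361 HP Cross-Site Scripting vulnerability in HP System Management Homepage

Cross-site scripting (XSS) vulnerability in HP SMH before 7.2.1 allows remote attackers to inject arbitrary web script or HTML.

4.3
2013-07-22 CVE-2013-2357 HP Remote Denial of Service vulnerability in HP System Management Homepage

Unspecified vulnerability in HP SMH before 7.2.1 allows remote authenticated users to cause a denial of service.

4.0
2013-07-22 CVE-2013-2364 HP Cross-Site Scripting vulnerability in HP System Management Homepage

Cross-site scripting (XSS) vulnerability in HP SMH before 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML.

3.5
2013-07-22 CVE-2013-2362 HP Local Denial of Service vulnerability in HP System Management Homepage

Unspecified vulnerability in HP SMH before 7.2.1 allows local users to cause a denial of service via unknown vectors.

2.1
"""

HEADER = re.compile(r"^(\d{4}-\d{2}-\d{2}) (CVE-\d{4}-\d{4,}) (\S+) (.*)$")
SCORE = re.compile(r"^\d{1,2}\.\d$")

# vendor is assumed to be the single-word token the report prints
Entry = namedtuple("Entry", "date cve vendor title description cvss")

def parse_entries(text):
    """Split the flattened table text into Entry records."""
    entries, header, body = [], None, []
    for line in (ln.strip() for ln in text.splitlines()):
        m = HEADER.match(line)
        if m:
            header, body = m.groups(), []
        elif header and SCORE.match(line):
            entries.append(Entry(*header, " ".join(body), float(line)))
            header = None
        elif header and line:
            body.append(line)
    return entries

def severity(cvss):
    """Bucket a CVSS v2 base score the way this report does (assumed thresholds:
    9.0 and above critical, 7.0 to 8.9 high, 4.0 to 6.9 medium, below 4.0 low)."""
    return "critical" if cvss >= 9.0 else "high" if cvss >= 7.0 else "medium" if cvss >= 4.0 else "low"

def summarize(entries):
    """Recompute the overview figures. Attack position is a heuristic on the NVD
    phrasing ('remote attackers', 'remote authenticated users', 'local users');
    an entry with unknown attack vectors is counted in none of them."""
    by_vendor = Counter(e.vendor for e in entries)
    critical_by_vendor = Counter(e.vendor for e in entries if severity(e.cvss) == "critical")
    return {
        "total": len(entries),
        "by_severity": dict(Counter(severity(e.cvss) for e in entries)),
        "by_vendor": dict(by_vendor),
        "top_vendor": by_vendor.most_common(1)[0][0] if entries else None,
        "top_critical_vendor": critical_by_vendor.most_common(1)[0][0] if critical_by_vendor else None,
        "remote": sum("remote" in e.description for e in entries),
        "anonymous": sum("remote attackers" in e.description for e in entries),
        "local": sum("local users" in e.description for e in entries),
    }

def summarize_text(text=SAMPLE_ENTRIES):
    return summarize(parse_entries(text))
```

Running it on the full set of entries on this page reproduces the 9/7/24/3 split and HP's 12, but an entry whose description gives only "unknown impact and attack vectors" (the ASUS AiCloud one) is counted as neither remote nor local here, so a strict recount of "remotely exploitable" can come out one lower than a report that assumes such entries are remote.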


Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


9 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-07-26 CVE-2013-4937 Asus Unspecified vulnerability in Asus products

Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors.

10.0
2013-07-23 CVE-2013-3012 IBM Arbitrary Code Execution vulnerability in IBM Java

Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3009 and CVE-2013-3011.

9.3
2013-07-23 CVE-2013-3011 IBM Arbitrary Code Execution vulnerability in IBM Java

Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3009 and CVE-2013-3012.

9.3
2013-07-23 CVE-2013-3010 IBM Arbitrary Code Execution vulnerability in IBM Java

Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 6.0.1 before 6.0.1 SR6 and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3007.

9.3
2013-07-23 CVE-2013-3009 IBM Arbitrary Code Execution vulnerability in IBM Java

The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 improperly exposes the invoke method of the java.lang.reflect.Method class, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to the AccessController doPrivileged block.

9.3
2013-07-23 CVE-2013-3008 IBM Arbitrary Code Execution vulnerability in IBM Java

Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3006.

9.3
2013-07-23 CVE-2013-3007 IBM Arbitrary Code Execution vulnerability in IBM Java

Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 6.0.1 before 6.0.1 SR6 and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3006.

9.3
2013-07-23 CVE-2013-3006 IBM Arbitrary Code Execution vulnerability in IBM Java

Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3008.

9.3
2013-07-25 CVE-2013-3430 Cisco Improper Authentication vulnerability in Cisco Video Surveillance Manager

Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37288.

9.0

7 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-07-22 CVE-2013-2365 HP Information Disclosure vulnerability in HP Database and Middleware Automation 10.0/10.01

HP Database and Middleware Automation (DMA) 10.x before 10.10, when SSL is used, allows remote attackers to obtain sensitive information via unspecified vectors.

7.9
2013-07-25 CVE-2013-3431 Cisco Improper Authentication vulnerability in Cisco Video Surveillance Manager

Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169.

7.8
2013-07-25 CVE-2013-3429 Cisco Path Traversal vulnerability in Cisco Video Surveillance Manager

Multiple directory traversal vulnerabilities in Cisco Video Surveillance Manager (VSM) before 7.0.0 allow remote attackers to read system files via a crafted URL, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37163.

7.8
2013-07-23 CVE-2013-4890 Samsung Denial of Service vulnerability in Samsung products

The DMCRUIS/0.1 web server on the Samsung PS50C7700 TV allows remote attackers to cause a denial of service (daemon crash) via a long URI to TCP port 5600.

7.8
2013-07-23 CVE-2013-2249 Apache, Juniper Unspecified vulnerability in Apache HTTP Server

mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.

7.5
2013-07-23 CVE-2013-2165 Red Hat Permissions, Privileges, and Access Controls vulnerability in Red Hat products

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data.

7.5
2013-07-23 CVE-2013-4002 IBM Denial of Service vulnerability in IBM Java

XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.

7.1
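CVE-2013-3429 above is a directory traversal reached through a crafted URL. The check below is an added example and not Cisco's code; it shows the resolution a web front end should perform before opening a file named by a request: decode once, refuse double encoding, NUL bytes and backslash separators, normalise relative to the document root so leading ".." segments stay visible, and verify containment on the final path. The document root and the access-log lines are constructed for the example, and the same function doubles as a log-scanning detector for traversal attempts.

```python
import posixpath
import re
from urllib.parse import unquote

# Hypothetical document root for the example; not a real Cisco VSM path.
DOC_ROOT = "/opt/vsm/html"

def resolve_request_path(url_path, doc_root=DOC_ROOT):
    """Map a request path onto a file below doc_root.

    Returns the absolute filesystem path, or None when the request must be
    refused because it would leave doc_root or relies on an encoding trick.
    """
    decoded = unquote(url_path)
    if unquote(decoded) != decoded:
        return None                      # double-encoded (%252e%252e): refuse, don't guess
    if "\x00" in decoded or "\\" in decoded:
        return None                      # NUL truncation or backslash separators
    # Normalise relative to the root: normpath keeps leading ".." segments
    # visible here, whereas normalising an absolute path silently drops them.
    rel = posixpath.normpath(decoded.lstrip("/"))
    if rel == ".":
        rel = ""
    if rel == ".." or rel.startswith("../"):
        return None
    full = posixpath.normpath(posixpath.join(doc_root, rel))
    # Containment check on the final path, independent of the string tests above.
    if posixpath.commonpath([doc_root, full]) != doc_root:
        return None
    return full

# Constructed access-log lines (not from any real device) used to show the
# same check applied as a detector over logs.
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Jul/2013:10:01:02 +0000] "GET /index.html HTTP/1.1" 200',
    '10.0.0.9 - - [25/Jul/2013:10:01:07 +0000] "GET /%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200',
    '10.0.0.9 - - [25/Jul/2013:10:01:09 +0000] "GET /logs/../../../../etc/shadow HTTP/1.1" 404',
]

REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')

def suspicious_requests(log_lines):
    """Return the request paths that resolve_request_path would refuse."""
    hits = []
    for line in log_lines:
        m = REQUEST_LINE.search(line)
        if m and resolve_request_path(m.group(1).split("?", 1)[0]) is None:
            hits.append(m.group(1))
    return hits
```

The order of the steps matters: normalising an absolute path first (posixpath.normpath("/../../etc/passwd") is "/etc/passwd") would hide the traversal and then cheerfully serve a file under the root, which is why the function normalises the relative form and then re-checks containment as a second, independent guard.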
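CVE-2013-2165 above is the classic unrestricted-deserialization bug: the framework resolves and instantiates whatever class the serialized stream names, so crafted data becomes code execution. The example below is added here and is not RichFaces or JBoss code. It demonstrates the same flaw and its fix with Python's pickle, chosen so that it runs as written; the Java fix is the same idea, a class allow-list enforced in ObjectInputStream.resolveClass before any object is instantiated. An unrestricted loader lets an attacker-chosen callable run, a loader with an allow-list refuses it. The SessionState type and the payload are constructed for the example.

```python
import io
import os
import pickle
from dataclasses import dataclass

@dataclass
class SessionState:
    """The only type this service legitimately expects in the stream (constructed)."""
    user: str
    theme: str

class Gadget:
    """Attacker-controlled object. Unpickling calls the returned callable with
    the given arguments; os.getcwd is a harmless stand-in for os.system("...")."""
    def __reduce__(self):
        return (os.getcwd, ())

MALICIOUS_PAYLOAD = pickle.dumps(Gadget())   # constructed attacker input

def serialize(obj) -> bytes:
    return pickle.dumps(obj)

def load_unsafe(data: bytes):
    # Vulnerable pattern: whatever class or callable the stream names is
    # resolved and invoked. This is the unrestricted deserialization the
    # RichFaces entry describes, in Python form.
    return pickle.loads(data)

class RestrictedUnpickler(pickle.Unpickler):
    """Look-ahead deserialization: resolve only allow-listed (module, name) pairs,
    and hand back the class object directly rather than importing by name."""
    ALLOWED = {(SessionState.__module__, SessionState.__name__): SessionState}

    def find_class(self, module, name):
        try:
            return self.ALLOWED[(module, name)]
        except KeyError:
            raise pickle.UnpicklingError(f"refusing to load {module}.{name}") from None

def load_untrusted(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()

def is_rejected(data: bytes) -> bool:
    """True when the restricted loader refuses the stream."""
    try:
        load_untrusted(data)
    except pickle.UnpicklingError:
        return True
    return False
```

The allow-list is checked before anything is constructed, which is the property that matters: a deny-list of known gadget classes is always one newly discovered gadget behind, whereas an allow-list of the handful of types the application actually exchanges stays correct as the classpath grows.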

24 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-07-26 CVE-2013-4015 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 10 allows local users to bypass the elevation policy check in the (1) Protected Mode or (2) Enhanced Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code.

6.9
2013-07-23 CVE-2013-3437 Cisco SQL Injection vulnerability in Cisco Unified Operations Manager

SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179.

6.5
2013-07-22 CVE-2013-4882 McAfee SQL Injection vulnerability in McAfee ePolicy Orchestrator and ePolicy Orchestrator Agent

Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140.

6.5
2013-07-24 CVE-2012-6579 Bestpractical Cryptographic Issues vulnerability in Bestpractical Request Tracker

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail message to a queue's address.

6.4
2013-07-23 CVE-2013-3441 Cisco Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Cisco products

Cisco Aironet 3600 access points allow remote attackers to cause a denial of service (memory corruption and device crash) by disrupting Cisco Wireless LAN Controller communication and consequently forcing many transitions from FlexConnect mode to Standalone mode, aka Bug ID CSCuh71210.

5.4
2013-07-24 CVE-2013-3438 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Meetingplace web Conferencing

The web framework in the server in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to bypass intended access restrictions and read unspecified web pages via crafted parameters, aka Bug ID CSCuh86385.

5.0
2013-07-23 CVE-2013-3435 Cisco Resource Management Errors vulnerability in Cisco products

The Cisco Unified IP Conference Station 7937G allows remote attackers to cause a denial of service (networking outage) via a flood of TCP packets, aka Bug ID CSCuh42052.

5.0
2013-07-22 CVE-2013-2363 HP Information Disclosure vulnerability in HP System Management Homepage

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2356.

5.0
2013-07-22 CVE-2013-2356 HP Information Disclosure vulnerability in HP System Management Homepage

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2363.

5.0
2013-07-22 CVE-2013-2355 HP Permissions, Privileges, and Access Controls vulnerability in HP System Management Homepage

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2012-5217.

5.0
2013-07-22 CVE-2012-5217 HP Permissions, Privileges, and Access Controls vulnerability in HP System Management Homepage

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2355.

5.0
2013-07-25 CVE-2013-3414 Cisco Cross-Site Scripting vulnerability in Cisco products

Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080.

4.3
2013-07-25 CVE-2013-3999 IBM Cross-Site Scripting vulnerability in IBM Social Media Analytics 1.2.0.0

Cross-site scripting (XSS) vulnerability in IBM Social Media Analytics 1.2 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-07-24 CVE-2012-6581 Bestpractical Permissions, Privileges, and Access Controls vulnerability in Bestpractical Request Tracker

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail signing privilege.

4.3
2013-07-24 CVE-2012-6580 Bestpractical Cryptographic Issues vulnerability in Bestpractical Request Tracker

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message's origin or interfere with encryption-policy auditing via an e-mail message to a queue's address.

4.3
2013-07-24 CVE-2012-6578 Bestpractical Cryptographic Issues vulnerability in Bestpractical Request Tracker

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics.

4.3
2013-07-23 CVE-2013-3440 Cisco Cross-Site Scripting vulnerability in Cisco Unified Operations Manager

Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186.

4.3
2013-07-23 CVE-2013-3439 Cisco Cross-Site Scripting vulnerability in Cisco Unified Operations Manager

Cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182.

4.3
2013-07-22 CVE-2013-4883 McAfee Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator and ePolicy Orchestrator Agent

Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do.

4.3
2013-07-22 CVE-2013-2361 HP Cross-Site Scripting vulnerability in HP System Management Homepage

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-07-22 CVE-2013-2360 HP Remote Denial of Service vulnerability in HP System Management Homepage

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2358, and CVE-2013-2359.

4.0
2013-07-22 CVE-2013-2359 HP Remote Denial of Service vulnerability in HP System Management Homepage

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2358, and CVE-2013-2360.

4.0
2013-07-22 CVE-2013-2358 HP Remote Denial of Service vulnerability in HP System Management Homepage

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2359, and CVE-2013-2360.

4.0
2013-07-22 CVE-2013-2357 HP Remote Denial of Service vulnerability in HP System Management Homepage

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2358, CVE-2013-2359, and CVE-2013-2360.

4.0
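CVE-2013-3437 and CVE-2013-4882 above are SQL injections through a single request parameter (in the ePO case, the uid parameter of two .do endpoints). The example below is added here and is not McAfee's or Cisco's code. It shows the injectable shape against an in-memory SQLite table with constructed rows, the tautology and UNION payloads that shape admits (the UNION one reads a column the query never meant to expose), and the parameterized and type-checked lookups that close it.

```python
import sqlite3

def build_db():
    """In-memory stand-in for the application's database, with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE registered_types (uid INTEGER PRIMARY KEY, name TEXT, api_key TEXT)")
    conn.executemany("INSERT INTO registered_types VALUES (?, ?, ?)",
                     [(1, "agent", "key-1"), (2, "server", "key-2"), (3, "policy", "key-3")])
    return conn

DB = build_db()

# Constructed attacker values for a request parameter such as uid=...
TAUTOLOGY_PAYLOAD = "2' OR '1'='1"
UNION_PAYLOAD = "0' UNION SELECT uid, api_key FROM registered_types WHERE '1'='1"

def lookup_vulnerable(uid, conn=DB):
    # The parameter is spliced into the statement text, so a quote inside it
    # ends the literal and the remainder is parsed as SQL: the injectable shape.
    sql = "SELECT uid, name FROM registered_types WHERE uid = '%s'" % uid
    return conn.execute(sql).fetchall()

def lookup_parameterized(uid, conn=DB):
    # The value is bound separately from the statement text; the query's
    # structure cannot change whatever the value contains.
    return conn.execute("SELECT uid, name FROM registered_types WHERE uid = ?", (uid,)).fetchall()

def is_valid_uid(uid):
    """Defence in depth: an identifier that must be an integer is checked as one."""
    try:
        int(uid)
        return True
    except (TypeError, ValueError):
        return False

def lookup_typed(uid, conn=DB):
    if not is_valid_uid(uid):
        raise ValueError("uid must be an integer")
    return lookup_parameterized(int(uid), conn)
```

Note that for a legitimate value both lookups agree, which is why this class of bug survives functional testing; only the parameterized form stays correct when the value carries SQL syntax, and the integer check on top of it turns a silent empty result into a logged rejection.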

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-07-25 CVE-2013-3979 IBM, Microsoft Cross-Site Scripting vulnerability in IBM Star Command Center

Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Web\Content\Help\ in the Web Client in IBM Cognos Command Center (aka Star Command Center or Star Analytics) before 10.1, when Internet Explorer is used, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2013-07-22 CVE-2013-2364 HP Cross-Site Scripting vulnerability in HP System Management Homepage

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2013-07-22 CVE-2013-2362 HP Local Denial of Service vulnerability in HP System Management Homepage

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows local users to cause a denial of service via unknown vectors, aka ZDI-CAN-1676.

2.1