Weekly Vulnerabilities Reports > September 2 to 8, 2013

Overview

45 new vulnerabilities were reported during this period, including 9 critical vulnerabilities and 2 high severity vulnerabilities. This weekly summary reports vulnerabilities in 147 products from 12 vendors, including Open Xchange, Cisco, Trivantis, Supermicro, and IBM. The most frequent vulnerability categories are "Cross-site Scripting", "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", and "Cross-Site Request Forgery (CSRF)".

  • 43 reported vulnerabilities are remotely exploitable.
  • 12 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 35 reported vulnerabilities are exploitable by an anonymous user.
  • Open Xchange has the most reported vulnerabilities, with 13.
  • Cisco has the most reported critical vulnerabilities, with 5.


Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report. Each entry gives the date, CVE identifier, vendor, vulnerability title and CVSS base score, followed by the description:

9 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

2013-09-08 CVE-2013-3609 Supermicro Improper Input Validation vulnerability in Supermicro products (CVSS 10.0)

The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function.

2013-09-08 CVE-2013-3608 Supermicro Improper Input Validation vulnerability in Supermicro products (CVSS 10.0)

The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi.

2013-09-08 CVE-2013-3607 Supermicro Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Supermicro products (CVSS 10.0)

Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi.

2013-09-06 CVE-2013-3599 Trivantis Improper Input Validation vulnerability in Trivantis Coursemill Learning Management System 6.6/6.8 (CVSS 9.3)

userlogin.jsp in Coursemill Learning Management System (LMS) 6.6 and 6.8 allows remote attackers to gain privileges via a modified user-role value to home.html.

2013-09-06 CVE-2013-1119 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Webex Recording Format Player (CVSS 9.3)

Buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DHT index value in JPEG data within a WRF file, aka Bug ID CSCuc24503.

2013-09-06 CVE-2013-1118 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Webex Recording Format Player (CVSS 9.3)

Stack-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCuc27645.

2013-09-06 CVE-2013-1117 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Webex Recording Format Player (CVSS 9.3)

Buffer overflow in the exception handler in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file, aka Bug ID CSCuc27639.

2013-09-06 CVE-2013-1116 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Webex Advanced Recording Format Player (CVSS 9.3)

Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted ARF file, aka Bug IDs CSCue74147 and CSCub28383.

2013-09-06 CVE-2013-1115 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Webex Advanced Recording Format Player (CVSS 9.3)

Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ARF file, aka Bug IDs CSCue74118, CSCub28371, CSCud23401, and CSCud31109.

2 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

2013-09-06 CVE-2013-3600 Trivantis Improper Input Validation vulnerability in Trivantis Coursemill Learning Management System 6.6 (CVSS 8.5)

Coursemill Learning Management System (LMS) 6.6 allows remote authenticated users to gain privileges via a modified userid value to unspecified functions.

2013-09-06 CVE-2013-3602 Trivantis SQL Injection vulnerability in Trivantis Coursemill Learning Management System 6.6 (CVSS 7.5)

SQL injection vulnerability in admindocumentworker.jsp in Coursemill Learning Management System (LMS) 6.6 allows remote authenticated users to execute arbitrary SQL commands via the docID parameter.

29 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

2013-09-06 CVE-2013-5708 Trivantis Cross-Site Request Forgery (CSRF) vulnerability in Trivantis Coursemill Learning Management System 6.8 (CVSS 6.8)

Coursemill Learning Management System (LMS) 6.8 constructs secret tokens based on time values, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via vectors related to cookies, a different vulnerability than CVE-2013-3605.

2013-09-06 CVE-2013-3605 Trivantis Cross-Site Request Forgery (CSRF) vulnerability in Trivantis Coursemill Learning Management System 6.6 (CVSS 6.8)

Cross-site request forgery (CSRF) vulnerability in Coursemill Learning Management System (LMS) 6.6 allows remote attackers to hijack the authentication of arbitrary users via vectors related to cookies.

2013-09-05 CVE-2013-5471 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Global Site Selector (CVSS 6.8)

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Global Site Selector (GSS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh42164.

2013-09-05 CVE-2013-3479 Sharethis / Wordpress Cross-Site Request Forgery (CSRF) vulnerability in Sharethis (CVSS 6.8)

Cross-site request forgery (CSRF) vulnerability in the ShareThis plugin before 7.0.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings.

2013-09-06 CVE-2013-3601 Trivantis Permissions, Privileges, and Access Controls vulnerability in Trivantis Coursemill Learning Management System 6.6 (CVSS 6.0)

Coursemill Learning Management System (LMS) 6.6 does not properly restrict JSP function calls, which allows remote authenticated users to perform arbitrary JSP operations by leveraging the Student role and providing an op parameter.

2013-09-05 CVE-2013-3276 EMC Permissions, Privileges, and Access Controls vulnerability in EMC RSA Archer Egrc (CVSS 6.0)

EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to bypass intended access restrictions and complete a login by leveraging a deactivated account.

2013-09-05 CVE-2013-3277 EMC Improper Input Validation vulnerability in EMC RSA Archer Egrc (CVSS 5.8)

Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

2013-09-05 CVE-2013-1651 Open Xchange Cryptographic Issues vulnerability in Open-Xchange Server 6.20.7/6.22.0/6.22.1 (CVSS 5.8)

OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof update servers and install arbitrary software via a crafted certificate.

2013-09-08 CVE-2013-5132 Apple Numeric Errors vulnerability in Apple Airport Base Station Firmware (CVSS 5.4)

Apple AirPort Base Station Firmware before 7.6.4 does not properly handle incorrect frame lengths, which allows remote attackers to cause a denial of service (device crash) by associating with the access point and then sending a short frame.

2013-09-08 CVE-2013-0531 IBM Cryptographic Issues vulnerability in IBM Security Appscan (CVSS 5.0)

The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

2013-09-05 CVE-2013-2582 Open Xchange Code Injection vulnerability in Open-Xchange Appsuite and Open-Xchange Server (CVSS 5.0)

CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters.

2013-09-05 CVE-2013-1647 Open Xchange Code Injection vulnerability in Open-Xchange Server 6.20.7/6.22.0/6.22.1 (CVSS 5.0)

Multiple CRLF injection vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter, as demonstrated by (1) the location parameter to ajax/redirect or (2) multiple infostore URIs.

2013-09-04 CVE-2013-5470 Cisco Improper Input Validation vulnerability in Cisco Secure Access Control System (CVSS 5.0)

Cisco Secure Access Control System (ACS) does not properly handle requests to read from the TACACS+ socket, which allows remote attackers to cause a denial of service (process crash) via malformed TCP packets, aka Bug ID CSCuh12488.

2013-09-04 CVE-2013-3469 Cisco Information Exposure vulnerability in Cisco Mobility Services Engine (CVSS 5.0)

Cisco Mobility Services Engine does not properly set up the Oracle SSL service, which allows remote attackers to obtain an unauthenticated session to the database-replication port, and consequently obtain sensitive information, via an SSL connection, aka Bug ID CSCue50794.

2013-09-05 CVE-2013-5035 Htmlcleaner Project / Open Xchange Race Condition vulnerability in multiple products (CVSS 4.9)

Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations.

2013-09-08 CVE-2013-5483 Cisco Cross-Site Scripting vulnerability in Cisco Socialminer (CVSS 4.3)

Cross-site scripting (XSS) vulnerability in bookmarklet.jsp in Cisco SocialMiner allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh73868.

2013-09-06 CVE-2013-5707 Trivantis Cross-Site Scripting vulnerability in Trivantis Coursemill Learning Management System 6.8 (CVSS 4.3)

Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Learning Management System (LMS) 6.8 allow remote attackers to inject arbitrary web script or HTML via crafted input containing a %22 sequence, a different issue than CVE-2013-3604.

2013-09-06 CVE-2013-5706 Trivantis Cross-Site Scripting vulnerability in Trivantis Coursemill Learning Management System 6.8 (CVSS 4.3)

Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Learning Management System (LMS) 6.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to error messages and (1) crafted event attributes or (2) > (greater than) characters that are optional within a browser's HTML implementation, a different issue than CVE-2013-3603.

2013-09-06 CVE-2013-3604 Trivantis Cross-Site Scripting vulnerability in Trivantis Coursemill Learning Management System 6.6 (CVSS 4.3)

Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Learning Management System (LMS) 6.6 allow remote attackers to inject arbitrary web script or HTML via crafted input.

2013-09-06 CVE-2013-3603 Trivantis Cross-Site Scripting vulnerability in Trivantis Coursemill Learning Management System 6.6 (CVSS 4.3)

Cross-site scripting (XSS) vulnerability in Coursemill Learning Management System (LMS) 6.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.

2013-09-06 CVE-2013-1228 Cisco Cryptographic Issues vulnerability in Cisco Jabber (CVSS 4.3)

Cisco Jabber on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify the client-server data stream via a crafted certificate, aka Bug ID CSCug30280.

2013-09-06 CVE-2012-5990 Cisco Cross-Site Scripting vulnerability in Cisco products (CVSS 4.3)

Multiple cross-site scripting (XSS) vulnerabilities in Health Monitor Login pages in Cisco Prime Network Control System (NCS) and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud18375.

2013-09-05 CVE-2013-3106 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite and Open-Xchange Server (CVSS 4.3)

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote attackers to inject arbitrary web script or HTML via (1) embedded VBScript, (2) object/data Base64 content, (3) a Content-Type header, or (4) UTF-16 encoding, aka Bug IDs 25957, 26237, 26243, and 26244.

2013-09-05 CVE-2013-2583 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite and Open-Xchange Server (CVSS 4.3)

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL, (2) malformed nested SCRIPT elements, (3) a mail signature, or (4) JavaScript code within an image file.

2013-09-05 CVE-2013-1649 Open Xchange Credentials Management vulnerability in Open-Xchange Server 6.20.7/6.22.0/6.22.1 (CVSS 4.3)

Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses the crypt and SHA-1 algorithms for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.

2013-09-05 CVE-2013-1646 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Server 6.20.7/6.22.0/6.22.1 (CVSS 4.3)

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary web script or HTML via (1) invalid JSON data in a mail-sending POST request, (2) an arbitrary parameter to servlet/TestServlet, (3) a javascript: URL in a standalone-mode action to a UWA module, (4) an infostore attachment, (5) JavaScript code in a contact image, (6) an RSS feed, or (7) a signature.

2013-09-04 CVE-2013-1661 Vmware Improper Input Validation vulnerability in VMWare ESX and Esxi (CVSS 4.3)

VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to cause a denial of service (unhandled exception and application crash) by modifying the client-server data stream.

2013-09-08 CVE-2013-3596 Advanceprotech Permissions, Privileges, and Access Controls vulnerability in Advanceprotech Advanceware (CVSS 4.0)

AdvancePro Advanceware allows remote authenticated users to obtain sensitive information about arbitrary customers' orders via a modified id parameter.

2013-09-05 CVE-2013-1645 Open Xchange Path Traversal vulnerability in Open-Xchange Server 6.20.7/6.22.0/6.22.1 (CVSS 4.0)

Directory traversal vulnerability in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allows remote authenticated users to read arbitrary files via a ..

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

2013-09-05 CVE-2013-5698 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite and Open-Xchange Server (CVSS 3.5)

Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script or HTML via a delivery=view action, aka Bug ID 26373, a different vulnerability than CVE-2013-3106.

2013-09-05 CVE-2013-4790 Open Xchange Credentials Management vulnerability in Open-Xchange Appsuite (CVSS 3.5)

Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mail credentials of other users in opportunistic circumstances via a manual-mode association of a personal e-mail address with the hostname of a crafted IMAP server.

2013-09-05 CVE-2013-1648 Open Xchange Improper Input Validation vulnerability in Open-Xchange Server 6.20.7/6.22.0/6.22.1 (CVSS 3.5)

The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated by (1) an ftp: URL, (2) a gopher: URL, or (3) an http://127.0.0.1/ URL, related to a "Server-side request forging (SSRF)" issue.

2013-09-05 CVE-2013-1650 Open Xchange Permissions, Privileges, and Access Controls vulnerability in Open-Xchange Server 6.20.7/6.22.0/6.22.1 (CVSS 2.1)

Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses weak permissions (group "other" readable) under opt/open-xchange/etc/, which allows local users to obtain sensitive information via standard filesystem operations.

2013-09-08 CVE-2013-2997 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Security Appscan (CVSS 1.7)

IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation.