Weekly Vulnerabilities Reports > March 14 to 20, 2016

Overview

31 new vulnerabilities were reported during this period, including 7 critical vulnerabilities and 5 high severity vulnerabilities. This weekly summary reports vulnerabilities in 37 products from 18 vendors, including HP, IBM, Symantec, Debian, and Siemens. The vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Information Exposure", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Improper Access Control".

  • 26 reported vulnerabilities are remotely exploitable.
  • 10 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 18 reported vulnerabilities are exploitable by an anonymous user.
  • HP has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • HP has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

[Summary dashboard: total vulnerabilities; critical, high, medium and low risk vulnerabilities; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web application]

Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:

7 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2016-03-19 | CVE-2016-2245 | HP | Improper Authentication vulnerability in HP Support Assistant 8.1.40.3 | 10.0
    HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors.

2016-03-18 | CVE-2016-1995 | HP | Unspecified vulnerability in HP System Management Homepage | 10.0
    HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors.

2016-03-17 | CVE-2016-2345 | Dameware | Buffer Errors vulnerability in Dameware Mini Remote Control 12.0 | 10.0
    Stack-based buffer overflow in dwrcs.exe in the dwmrcs daemon in SolarWinds DameWare Mini Remote Control 12.0 allows remote attackers to execute arbitrary code via a crafted string.

2016-03-15 | CVE-2016-1989 | HP | Unspecified vulnerability in HP Network Automation | 10.0
    HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1988.

2016-03-15 | CVE-2016-1988 | HP | Unspecified vulnerability in HP Network Automation | 10.0
    HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1989.

2016-03-18 | CVE-2015-8154 | Symantec | Permissions, Privileges, and Access Controls vulnerability in Symantec Endpoint Protection Manager | 9.3
    The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permissions."

2016-03-18 | CVE-2014-9768 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Netview Access Services | 9.0
    ** DISPUTED ** IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a "page ID" field to the EMSPG2 transaction code.

5 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2016-03-18 | CVE-2015-8152 | Symantec | Cross-Site Request Forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager 12.1 | 8.5
    Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script.

2016-03-18 | CVE-2015-8153 | Symantec | SQL Injection vulnerability in Symantec Endpoint Protection Manager | 8.3
    SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

2016-03-17 | CVE-2016-2342 | Quagga, Debian | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products | 7.6
    The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet.

2016-03-17 | CVE-2016-3191 | Pcre | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pcre and Pcre2 | 7.5
    The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.

2016-03-14 | CVE-2016-2856 | Canonical, Debian, GNU | Permissions, Privileges, and Access Controls vulnerability in multiple products | 7.2
    pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk.

14 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2016-03-16 | CVE-2016-2846 | Siemens | 7PK - Security Features vulnerability in Siemens Simatic S7 CPU 1200 Firmware 2.0/3.0/3.0.2 | 6.4
    Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers to bypass a "user program block" protection mechanism via unspecified vectors.

2016-03-18 | CVE-2016-2281 | ABB | Permissions, Privileges, and Access Controls vulnerability in ABB Panel Builder 800 5.1 | 6.0
    Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

2016-03-16 | CVE-2016-1991 | Microfocus | Arbitrary File Download vulnerability in HP ArcSight ESM and ArcSight ESM Express | 6.0
    HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors.

2016-03-18 | CVE-2016-1993 | HP | Unspecified vulnerability in HP System Management Homepage | 5.5
    HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

2016-03-14 | CVE-2016-1731 | Apple | Cryptographic Issues vulnerability in Apple Software Update | 5.0
    Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream.

2016-03-19 | CVE-2016-0283 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Application Server | 4.3
    Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 before 8.5.5.9 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

2016-03-19 | CVE-2016-2287 | Xzeres | Cross-Site Scripting vulnerability in Xzeres 442Sr OS | 4.3
    Cross-site scripting (XSS) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2016-03-19 | CVE-2015-2286 | EDX | Information Exposure vulnerability in EDX Open EDX 20150127 | 4.3
    lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover password-reset tokens by reading a referer log after a victim navigates from this page to a social-sharing site.

2016-03-18 | CVE-2015-5968 | Novell | Cross-Site Scripting vulnerability in Novell Filr 1.2 | 4.3
    Cross-site scripting (XSS) vulnerability in Novell Filr 1.2 before Hot Patch 4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

2016-03-16 | CVE-2016-1990 | Microfocus | Permissions, Privileges, and Access Controls vulnerability in Microfocus Arcsight Enterprise Security Manager | 4.3
    HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors.

2016-03-14 | CVE-2016-0208 | IBM | Improper Access Control vulnerability in IBM Websphere Commerce | 4.3
    IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and 8.x before 8.0.0.3 allows remote attackers to cause a denial of service (order-processing outage) via unspecified vectors.

2016-03-18 | CVE-2016-1994 | HP | Information Exposure vulnerability in HP System Management Homepage | 4.0
    HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors.

2016-03-17 | CVE-2016-1992 | HP | Information Exposure vulnerability in HP products | 4.0
    HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors.

2016-03-14 | CVE-2016-0222 | IBM | Improper Access Control vulnerability in IBM products | 4.0
    IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors.

5 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2016-03-18 | CVE-2016-3155 | Siemens | Information Exposure vulnerability in Siemens Apogee Insight | 3.6
    Siemens APOGEE Insight uses weak permissions for the application folder, which allows local users to obtain sensitive information or modify data via unspecified vectors.

2016-03-18 | CVE-2016-1996 | HP | Security Bypass vulnerability in HP System Management Homepage | 3.6
    HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.

2016-03-16 | CVE-2016-2075 | Vmware | Cross-Site Scripting vulnerability in VMWare Vrealize Business Advanced and Enterprise | 3.5
    Cross-site scripting (XSS) vulnerability in VMware vRealize Business Advanced and Enterprise 8.x before 8.2.5 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

2016-03-16 | CVE-2015-2344 | Linux, Vmware | Cross-Site Scripting vulnerability in VMWare Vrealize Automation | 3.5
    Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

2016-03-14 | CVE-2016-0262 | IBM | Cross-Site Scripting vulnerability in IBM Maximo Asset Management | 3.5
    Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1.1 through 7.1.1.3, 7.5.0 before 7.5.0.9 IFIX004, and 7.6.0 before 7.6.0.3 IFIX001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.