Security Vulnerabilities - CVEs Published In July 2021
Windows AppContainer Elevation Of Privilege Vulnerability
CVSS Score: 7.8
EPSS Score: 0.003
Published: 2021-07-16
Storage Spaces Controller Elevation of Privilege Vulnerability
CVSS Score: 7.8
EPSS Score: 0.003
Published: 2021-07-16
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
CVSS Score: 7.8
EPSS Score: 0.003
Published: 2021-07-16
Micronaut is a JVM-based, full stack Java framework designed for building JVM applications. A path traversal vulnerability exists in versions prior to 2.5.9. With a basic configuration, it is possible to access any file on the filesystem by using "/../../" in the URL. This occurs because Micronaut does not restrict file access to the configured paths. The vulnerability is patched in version 2.5.9. As a workaround, do not use `**` in the mapping; use only `*`, which exposes only the flat structure of a directory and does not allow traversal. On Linux, another workaround is to run Micronaut in a chroot.
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2021-07-16
fail2ban is a daemon that bans hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. The `mail` command from the mailutils package, used in mail actions like `mail-whois`, can execute commands if unescaped sequences (`\n~`) are present in "foreign" input (for instance in whois output). To exploit the vulnerability, an attacker would need to insert malicious characters into the response sent by the whois server, either via a MITM attack or by taking over a whois server. The issue is patched in versions 0.10.7 and 0.11.3. As a workaround, one may avoid using the `mail-whois` action or patch the vulnerability manually.
CVSS Score: 6.1
EPSS Score: 0.008
Published: 2021-07-16
IBM QRadar SIEM 7.3 and 7.4 use less secure methods for protecting data in transit between hosts when "encrypt host connections" is not enabled, as well as for data at rest. IBM X-Force ID: 192539.
CVSS Score: 5.3
EPSS Score: 0.001
Published: 2021-07-16
IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186324.
CVSS Score: 6.5
EPSS Score: 0.001
Published: 2021-07-16
IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834.
CVSS Score: 5.9
EPSS Score: 0.002
Published: 2021-07-16
Specific page parameters in the Dr. ID Door Access Control and Personnel Attendance Management system do not filter special characters. Remote attackers can use path traversal to download credential files from the system without permission.
CVSS Score: 7.5
EPSS Score: 0.005
Published: 2021-07-16
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A SQL injection vulnerability in "Configuration > Users > Contacts / Users" allows remote authenticated users to execute arbitrary SQL commands via the Additional Information parameters.
CVSS Score: 8.8
EPSS Score: 0.003
Published: 2021-07-16
Shodan ® - All rights reserved