Titanhq: Security Vulnerabilities
An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can log in with this account.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-12-02
An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-12-02
An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically exposed to all users) allows connections to the internal PostgreSQL database of the appliance. By connecting to the database through the proxy (without password authentication), an attacker is able to fully control the appliance database. Through this, several different paths exist to gain further access, or execute code.
CVSS Score
9.8
EPSS Score
0.011
Published
2019-12-02
An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an attacker to extract sensitive information from the appliance database.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-12-02
An issue was discovered in TitanHQ WebTitan before 5.18. The appliance has a hard-coded root password set during installation. An attacker could utilize this to gain root privileges on the system.
CVSS Score
8.1
EPSS Score
0.004
Published
2019-12-02
An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web application is using.
CVSS Score
2.7
EPSS Score
0.004
Published
2019-12-02
In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. Updates are downloaded over HTTP, including scripts which are subsequently executed with root permissions. An attacker with a privileged network position is trivially able to inject arbitrary commands.
CVSS Score
7.5
EPSS Score
0.009
Published
2019-06-05
TitanHQ SpamTitan before 7.01 has Improper input validation. This allows internal attackers to bypass the anti-spam filter to send malicious emails to an entire organization by modifying the URL requests sent to the application.
CVSS Score
5.3
EPSS Score
0.003
Published
2019-01-30
TitanHQ WebTitan Gateway has incorrect certificate validation for the TLS interception feature.
CVSS Score
7.5
EPSS Score
0.001
Published
2018-03-12
Page 2