Detectify security updates for December 14

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users.

The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers. We added these tests to the Detectify scanner from November 30 – December 11.

CVE-2020-17530: Apache Struts 2 RCE

Apache Struts (2.5.25 or earlier) is prone to a remote code execution vulnerability. In some cases, some tag attributes could perform a double OGNL evaluation on untrusted user input, which could lead to a remote code execution condition. An attacker would be able to execute system commands on the server.

CVE-2020-26073: Cisco SD-WAN vManage Local File Inclusion

This module looks for an unauthenticated local file inclusion vulnerability in Cisco’s SD-WAN software vManage. An attacker can download arbitrary files from the server and thus access sensitive information.

CVE-2018-20966: WordPress Plugin “Jetpack for WooCommerce” XSS

This module searches for a reflected XSS vulnerability in the woocommerce-jetpack plugin before 3.8.0 for WordPress. An attacker can use this flaw to steal credentials and otherwise execute JavaScript in the origin of the affected domain.

ArcGIS REST Services SQL Injection

This module looks for a blind SQL injection vulnerability in ArcGIS REST Services. An attacker can use this flaw to read data stored in the database.

CVE-2020-4463: IBM Maximo XXE

IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 are vulnerable to an XML External Entity Injection (XXE) attack. On successful exploitation, an attacker could get access to sensitive information.

Prototype Pollution

We have added new functionality to our scanner that allows us to detect prototype pollution vulnerabilities. We have added a number of modules to detect this vulnerabilities in various technologies such as:

• Adobe Dynamic Tag Management Prototype Pollution XSS
• Akamai Boomerang Prototype Pollution XSS
• Backbone.js Prototype Pollution XSS
• Embedly Cards Prototype Pollution XSS
• Google reCAPTCHA Prototype Pollution XSS
• jQuery Prototype Pollution XSS
• Lodash (4.17.15 or earlier) Prototype Pollution XSS
• Segment Analytics Prototype Pollution XSS
• Swiftype Site Search Prototype Pollution XSS
• Tealium Universal Tag Prototype Pollution XSS
• Google reCAPTCHA Prototype Pollution XSS
• Zepto.js Prototype Pollution XSS

For more information on prototype pollution, please visit: https://portswigger.net/daily-swig/prototype-pollution-the-dangerous-and-underrated-vulnerability-impacting-javascript-applications.