Detectify Security Updates for November 16

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Surface Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner.

Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users.

The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers. We added these tests to the Detectify scanner from November 2 – November 13.

CVE-2020-14750: Oracle Weblogic RCE

This module tests for a RCE vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware. If vulnerable, an attacker will be able to execute arbitrary commands on the application.

CVE-2020-13485: Craft CMS Plugin “Knock Knock” Bypass

The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header. On successful exploitation, an attacker can bypass the password protection mechanism.

CVE-2019-13335: SalesAgility SuiteCRM SSRF

SalesAgility SuiteCRM versions 7.10.x, 7.10.19 and 7.11.x before and 7.11.7 are vulnerable to SSRF. On successful exploitation, an unauthenticated attacker will be able to send requests on behalf of the affected service. It may be possible to reach systems on the same intranet as the affected application.

CVE-2020-12283: Sourcegraph Open Redirect

Sourcegraph versions before 3.15.1 are vulnerable to open redirects. An attacker can redirect visitors to origins under the attackers control.

CVE-2018-16341: Nuxeo RCE via SSTI

This module tests for a RCE vulnerability via SSTI in Nuxeo versions < 10.3. If vulnerable, an attacker will be able to execute arbitrary commands on the application.

OSGi Web-Console Default Credentials

This module looks for default credentials in OSGi Management Console which comes bundled with or is usually installed for software such as Apache Karaf and Apache Sling often through Apache Felix Web Management Console. An attacker can read sensitive information about the system as well as configuring, adding or removing bundles in the system.

SAP NetWeaver Default Credentials

This module searches for instances of SAP NetWeaver that use default credentials. An attacker would be able to get unlimited access to any business data stored in the system.

CVE-2020-14183: Atlassian Products SEN Disclosure via HTTP Response Headers

This module searches for an information disclosure vulnerability in Atlassian products. An attacker can create support issues using the Support Entitlement Number (SEN).

CVE-2020-25540: ThinkAdmin Directory Traversal

This module searches for a directory traversal vulnerability in ThinkAdmin v6. On successful exploitation, an attacker can download arbitrary files from the server.

CVE-2020-1147: Sharepoint RCE

This module tests for a RCE vulnerability in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content.