New Signatures Released by Qualys WAS, April 2022

John Delaroderie

The Qualys Web Application Security (WAS) team has released a new series of signatures to report the vulnerabilities in the following 6 frameworks: WordPress, Drupal, phpMyAdmin, Atlassian, WebLogic and Adobe. Organizations can immediately audit their networks for these 22 vulnerabilities.

WordPress

QID 150493 – WordPress PHP Everywhere Plugin : Remote Code Execution Vulnerabilities (CVE-2022-24663, CVE-2022-24664, CVE-2022-24665)
PHP Everywhere has functionality that allows unprivileged users to run arbitrary PHP code on a website by making a request with the shortcode parameter set to ‘PHP Everywhere.’  This vulnerability could potentially allow a malicious actor to gain control over a site.

QID 150486 – WordPress Booster for WooCommerce Plugin: Authentication Bypass Vulnerability (CVE-2021-34646)
The Booster for WooCommerce WordPress plugin is vulnerable to authentication bypass. This vulnerability allows attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts. The attacker can then leverage this vulnerability for account takeovers and log into vulnerable websites.

QID 150485 WordPress Booster for WooCommerce Plugin: Multiple Reflected Cross-Site Scripting Vulnerabilities (CVE-2021-24999, CVE-2021-25000, CVE-2021-25001)
The plugin is vulnerable to Reflected Cross-Site Scripting. Successful exploitation could allow an attacker to execute arbitrary JavaScript code in the context of the interface or allow the attacker to access sensitive browser-based information.

QID 150484 WordPress WooCommerce PDF Invoices and Packing Slips Plugin: Reflected Cross-Site Scripting Vulnerability (CVE-2021-24991)
The plugin is vulnerable to Reflected Cross-Site Scripting in the admin dashboard. Successful exploitation could allow an attacker to execute arbitrary JavaScript code in the context of the interface or allow the attacker to access sensitive browser-based information.

QID 150483 WordPress WPS Hide Login Plugin: Protection Bypass with Referrer-Header Vulnerability (CVE-2021-24917)
The plugin has a bug which allows users to get the secret login page by setting a random referrer string and making a request as an unauthenticated user.

QID 150482 WordPress Everest Forms Plugin: Reflected Cross-Site Scripting (XSS) Vulnerability (CVE-2021-24907)
The plugin does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting vulnerability.

Drupal

QID 154105 Drupal Core Improper Input Validation Vulnerability (SA-CORE-2022-003)
Affected versions of this package are vulnerable to Improper Input Validation via certain forms in the form API.

QID 154104 Drupal Core Information Disclosure Vulnerability (SA-CORE-2022-004)
The Quick Edit module does not properly check entity access. This could potentially allow users with the “access in-place editing” permission to view content they are not authorized to access.

phpMyAdmin

QID 150480 Improper Handling of XML Functions in PHP (CVE-2021-21707)
Due to insufficient validation of user-supplied input, a remote attacker can pass specially crafted URLs to the application and bypass implemented security restrictions.

QID 150490 phpMyAdmin Cross-Site Scripting (XSS) Vulnerability (CVE-2022-23808)
This vulnerability, if exploited, allows a cross-site scripting attack when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.

Atlassian

QID 150492 Atlassian Jira Server Cross-Site Request Forgery (CSRF) vulnerability (JRASERVER-73170/CVE-2021-43953)
The installed version of Jira Atlassian Server allows remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability.

QID 150489 Atlassian Jira Server Cross-Site Request Forgery (CSRF) vulnerability (JRASERVER-73073/CVE-2021-43941)
This vulnerability could allow remote attackers to modify several resources via a Cross-Site Request Forgery (CSRF) vulnerability in the Jira-importers plugin.

QID 150488 Atlassian Jira Server Email Template Injection to RCE Vulnerability (JRASERVER-73067/CVE-2021-43941)
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources via a Cross-Site Request Forgery (CSRF) vulnerability in the Jira-importers-plugin. 

QID 150487 Atlassian Jira Server Multiple Vulnerabilities (JRASERVER-73071/CVE-2021-43946, JRASERVER-73138/CVE-2021-43952)
The exploitation of this vulnerability can allow anonymous users to attack vulnerable JIRA instances that could cause remote code execution, the disclosure of private files, or execute a denial-of-service attack against the JIRA server.

QID 150479 Atlassian Jira Server Improper Authentication Vulnerability (JRASERVER-72801/CVE-2021-41312)
Affected versions of Atlassian Jira Server and Data Center allow a remote attacker, who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability.

Oracle

QID 150481 Oracle WebLogic Server Multiple Vulnerabilities (CPUJAN2022)
The Oracle WebLogic Server component in Oracle Fusion Middleware for versions 12.2.1.4.0 and 14.1.1.0.0 has fixes for multiple vulnerabilities.

QID 150477 Oracle WebLogic Server Multiple Vulnerabilities (CPUOCT2021)
This vulnerability allows unauthenticated attackers with network access to compromise the vulnerable Oracle WebLogic Server.

Adobe 

QID 150426 Adobe Experience Manager: SSRF via Salesforce Secret Servlet 
A Server-Side Request Forgery vulnerability has been discovered in an AEM path that can be abused to leak IAM instance role credentials from the AWS or Azure instance metadata service. This vulnerability is found within the Salesforce MCM bundle.

QID 150427 Adobe Experience Manager: SSRF via Reporting Services Servlet 
This vulnerability can lead to SSRF attacks where the intruders can reach the publisher bypassing the dispatcher.

QID 150428 Adobe Experience Manager: SSRF via Site Catalyst Servlet 
An SSRF vulnerability in an application can allow an attacker to communicate or interact with an otherwise unreachable or unauthorized service.

QID 150429 Adobe Experience Manager: SSRF via Auto Provisioning Servlet 
When SSRF vulnerability via AutoProvisioningServlet is present, there is a potential for arbitrary remote code execution.

QID 150430 Adobe Experience Manager: SSRF via OpenSocial
An SSRF vulnerability via OpenSocial can allow an attacker to communicate or interact with an otherwise unreachable or unauthorized service. A successful attack may cause the application to disclose sensitive information to the attacker or to induce the application to retrieve and process malicious content.

If you have any questions, please contact your TAM (Technical Account Manager) or Technical Support. See all library updates.

Share your Comments

Comments

Your email address will not be published.