If you find any errors, please report them on Twitter. -> Twitter《Har-sia》
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
This indicates an attack attempt to exploit an Authentication Bypass Vulnerability in Oracle WebLogic Server. The vulnerability is due to an error in the vulnerable application when handling a maliciously crafted request. This vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
Oracle WebLogic Server 10.3.6.0.0
Oracle WebLogic Server 12.1.3.0.0
Oracle WebLogic Server 12.2.1.3.0
Oracle WebLogic Server 12.2.1.4.0
Oracle WebLogic Server 14.1.1.0.0
System Compromise: Remote attackers can gain control of vulnerable systems.
Apply the most recent upgrade or patch from the vendor.
https://www.oracle.com/security-alerts/cpuoct2020.html
Highest Score:72 (2020/11/03)
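Vulnerability information: Har-sia CVE-2020-14750
Administrator comment
(Machine translation) A machine translation will be inserted here when the vulnerabilities are compiled. Please wait until next month. (End of machine translation)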
###---###
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
Highest Score:42 (2020/11/05)
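Vulnerability information: Har-sia CVE-2020-14871
Administrator comment
(Machine translation) A machine translation will be inserted here when the vulnerabilities are compiled. Please wait until next month. (End of machine translation)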
###---###
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
This indicates an attack attempt to exploit an Authentication Bypass Vulnerability in Oracle WebLogic Server. The vulnerability is due to an error in the vulnerable application when handling a maliciously crafted request. This vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
Oracle WebLogic Server 10.3.6.0.0
Oracle WebLogic Server 12.1.3.0.0
Oracle WebLogic Server 12.2.1.3.0
Oracle WebLogic Server 12.2.1.4.0
Oracle WebLogic Server 14.1.1.0.0
System Compromise: Remote attackers can gain control of vulnerable systems.
Apply the most recent upgrade or patch from the vendor.
https://www.oracle.com/security-alerts/cpuoct2020.html
Highest Score:132 (2020/10/30)
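Vulnerability information: Har-sia CVE-2020-14882
Administrator comment
(Machine translation) A machine translation will be inserted here when the vulnerabilities are compiled. Please wait until next month. (End of machine translation)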
###---###
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors.
This indicates an attack attempt to exploit a Remote Command Injection vulnerability in MobileIron. The vulnerability is due to insufficient sanitizing of user-supplied input. An attacker can exploit this issue to inject arbitrary code, which will be executed in the target user's system.
MobileIron Core and Connector versions 10.6 and earlier
Sentry versions 9.8 and earlier
System Compromise: Remote attackers can gain control of vulnerable systems.
Apply the most recent upgrade or patch from the vendor.
https://www.mobileiron.com/en/blog/mobileiron-security-updates-available
Highest Score:55 (2020/11/25)
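Vulnerability information: Har-sia CVE-2020-15505
Administrator comment
(Machine translation) A machine translation will be inserted here when the vulnerabilities are compiled. Please wait until next month. (End of machine translation)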
###---###
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Highest Score:50 (2020/11/04)
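Vulnerability information: Har-sia CVE-2020-16009
Administrator comment
(Machine translation) A machine translation will be inserted here when the vulnerabilities are compiled. Please wait until next month. (End of machine translation)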
###---###
Highest Score:39 (2020/11/12)
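Vulnerability information: Har-sia CVE-2020-16013
Administrator comment
(Machine translation) A machine translation will be inserted here when the vulnerabilities are compiled. Please wait until next month. (End of machine translation)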
###---###
Windows Kernel Local Elevation of Privilege Vulnerability
Highest Score:57 (2020/11/03)
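Vulnerability information: Har-sia CVE-2020-17087
Administrator comment
(Machine translation) A machine translation will be inserted here when the vulnerabilities are compiled. Please wait until next month. (End of machine translation)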
###---###
Git LFS 2.12.0 allows Remote Code Execution.
Highest Score:48 (2020/11/06)
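Vulnerability information: Har-sia CVE-2020-27955
Administrator comment
(Machine translation) A machine translation will be inserted here when the vulnerabilities are compiled. Please wait until next month. (End of machine translation)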
###---###
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector have a command injection vulnerability.
Highest Score:101 (2020/11/24)
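Vulnerability information: Har-sia CVE-2020-4006
Administrator comment
(Machine translation) A machine translation will be inserted here when the vulnerabilities are compiled. Please wait until next month. (End of machine translation)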
###---###
Total: 9 items