In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between March 08-09, 2024.
During this period, The National Vulnerability Database published 106, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 1
High: 4
Medium: 19
Low: 6
Severity Not Assigned: 76
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-26313
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.2
Description: Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.13.P3 HF1 (6.13.0.3.1) is also a fixed release.
References: https://archerirm.com
https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/717102
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-2282
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component Login Page. The manipulation of the argument useremail leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/SQL%20Injection%20Login.md
https://vuldb.com/?ctiid.256049
https://vuldb.com/?id.256049
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-21899
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
References: https://www.qnap.com/en/security-advisory/qsa-24-09
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-2338
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 6.0
Description: PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that allows a user who owns a table to elevate to superuser when dynamic masking is enabled. PostgreSQL Anonymizer enables users to set security labels on tables to mask specified columns. There is a flaw that allows complex expressions to be provided as a value. This expression is then later used as it to create the masked views leading to SQL Injection. If dynamic masking is enabled, this will lead to privilege escalation to superuser after the label is created. Users that don't own a table, especially masked users cannot exploit this vulnerability. The problem is resolved in v1.3.
References: https://gitlab.com/dalibo/postgresql_anonymizer/-/commit/f55daadba3fa8226029687964aa8889d01a79778
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-2339
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 6.0
Description: PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a user who owns a table to elevate to superuser. A user can define a masking function for a column and place malicious code in that function. When a privileged user applies the masking rules using the static masking or the anonymous dump method, the malicious code is executed and can grant escalated privileges to the malicious user. PostgreSQL Anonymizer v1.2 does provide a protection against this risk with the restrict_to_trusted_schemas option, but that protection is incomplete. Users that don't own a table, especially masked users cannot exploit this vulnerability. The problem is resolved in v1.3.
References: https://gitlab.com/dalibo/postgresql_anonymizer/-/commit/e517b38e62e50871b04011598e73a7308bdae9d9
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between March 08-09, 2024.
During this period, The National Vulnerability Database published 106, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 1
High: 4
Medium: 19
Low: 6
Severity Not Assigned: 76
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-26313
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.2
Description: Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.13.P3 HF1 (6.13.0.3.1) is also a fixed release.
References: https://archerirm.com
https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/717102
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-2282
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component Login Page. The manipulation of the argument useremail leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/SQL%20Injection%20Login.md
https://vuldb.com/?ctiid.256049
https://vuldb.com/?id.256049
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-21899
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
References: https://www.qnap.com/en/security-advisory/qsa-24-09
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-2338
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 6.0
Description: PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that allows a user who owns a table to elevate to superuser when dynamic masking is enabled. PostgreSQL Anonymizer enables users to set security labels on tables to mask specified columns. There is a flaw that allows complex expressions to be provided as a value. This expression is then later used as it to create the masked views leading to SQL Injection. If dynamic masking is enabled, this will lead to privilege escalation to superuser after the label is created. Users that don't own a table, especially masked users cannot exploit this vulnerability. The problem is resolved in v1.3.
References: https://gitlab.com/dalibo/postgresql_anonymizer/-/commit/f55daadba3fa8226029687964aa8889d01a79778
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-2339
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 6.0
Description: PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a user who owns a table to elevate to superuser. A user can define a masking function for a column and place malicious code in that function. When a privileged user applies the masking rules using the static masking or the anonymous dump method, the malicious code is executed and can grant escalated privileges to the malicious user. PostgreSQL Anonymizer v1.2 does provide a protection against this risk with the restrict_to_trusted_schemas option, but that protection is incomplete. Users that don't own a table, especially masked users cannot exploit this vulnerability. The problem is resolved in v1.3.
References: https://gitlab.com/dalibo/postgresql_anonymizer/-/commit/e517b38e62e50871b04011598e73a7308bdae9d9
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found