Vulnerability Summary for the Week of August 24, 2015

Please Note:

  • The vulnerabilities are categorized by their level of severity, which is either High, Medium or Low.
  • The CVE identity number is the publicly known ID given to that particular vulnerability. Therefore you can search the status of that particular vulnerability using that ID.
  • The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the severity of the vulnerability.

High Severity Vulnerabilities

Each entry lists: Primary Vendor -- Product; Description; Date Published; CVSS Score; The CVE Identity (with references).

Primary Vendor -- Product: actiontec -- _ncs01_firmware
Description: Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface.
Date Published: 2015-08-23
CVSS Score: 8.3
The CVE Identity: CVE-2015-2904 (CERT-VN)

Primary Vendor -- Product: adobe -- air
Description: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565.
Date Published: 2015-08-24
CVSS Score: 10.0
The CVE Identity: CVE-2015-5566 (CONFIRM)

Primary Vendor -- Product: apache -- tapestry
Description: Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.
Date Published: 2015-08-22
CVSS Score: 7.8
The CVE Identity: CVE-2014-1972 (CONFIRM, CONFIRM, JVNDB, JVN)

Primary Vendor -- Product: apache -- activemq
Description: The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6524 for the use of wildcard operators in usernames.
Date Published: 2015-08-24
CVSS Score: 7.5
The CVE Identity: CVE-2014-3612 (BID, MLIST, REDHAT, REDHAT, CONFIRM)

Primary Vendor -- Product: drupal -- drupal
Description: SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment.
Date Published: 2015-08-24
CVSS Score: 7.5
The CVE Identity: CVE-2015-6659 (CONFIRM)

Primary Vendor -- Product: f5 -- big-ip_access_policy_manager
Description: Memory leak in the virtual server component in F5 Big-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.5.x before 11.5.1 HF10, 11.5.3 before HF1, and 11.6.0 before HF5, BIG-IQ Cloud, Device, and Security 4.4.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted ICMP packets.
Date Published: 2015-08-24
CVSS Score: 7.8
The CVE Identity: CVE-2015-5058 (CONFIRM, SECTRACK)

Primary Vendor -- Product: hp -- operations_manager_i
Description: Unspecified vulnerability in HP Operations Manager i (OMi) 9.22, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to execute arbitrary code via unknown vectors.
Date Published: 2015-08-22
CVSS Score: 10.0
The CVE Identity: CVE-2015-2137 (HP)

Primary Vendor -- Product: hp -- hspa+_gobi_4g
Description: The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows remote attackers to modify data or cause a denial of service, or execute arbitrary code, via unspecified vectors.
Date Published: 2015-08-27
CVSS Score: 7.8
The CVE Identity: CVE-2015-5368 (HP)

Primary Vendor -- Product: hp -- systems_insight_manager
Description: HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows local users to gain privileges, and consequently obtain sensitive information, modify data, or cause a denial of service, via unspecified vectors.
Date Published: 2015-08-26
CVSS Score: 7.2
The CVE Identity: CVE-2015-5402 (HP, HP)

Primary Vendor -- Product: hp -- systems_insight_manager
Description: HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
Date Published: 2015-08-26
CVSS Score: 7.5
The CVE Identity: CVE-2015-5404 (HP, HP)

Primary Vendor -- Product: hp -- centralview_credit_risk_control
Description: HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5407 and CVE-2015-5408.
Date Published: 2015-08-22
CVSS Score: 9.0
The CVE Identity: CVE-2015-5406 (HP)

Primary Vendor -- Product: hp -- version_control_repository_manager
Description: Buffer overflow in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.
Date Published: 2015-08-26
CVSS Score: 7.5
The CVE Identity: CVE-2015-5409 (HP)

Primary Vendor -- Product: hp -- keyview
Description: Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2875.
Date Published: 2015-08-24
CVSS Score: 7.5
The CVE Identity: CVE-2015-5416 (HP)

Primary Vendor -- Product: hp -- keyview
Description: Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2876.
Date Published: 2015-08-24
CVSS Score: 7.5
The CVE Identity: CVE-2015-5417 (HP)

Primary Vendor -- Product: hp -- keyview
Description: Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2877.
Date Published: 2015-08-24
CVSS Score: 7.5
The CVE Identity: CVE-2015-5418 (HP)

Primary Vendor -- Product: hp -- keyview
Description: Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2879.
Date Published: 2015-08-24
CVSS Score: 7.5
The CVE Identity: CVE-2015-5419 (HP)

Primary Vendor -- Product: hp -- keyview
Description: Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2880.
Date Published: 2015-08-24
CVSS Score: 7.5
The CVE Identity: CVE-2015-5420 (HP)

Primary Vendor -- Product: hp -- keyview
Description: Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2881.
Date Published: 2015-08-24
CVSS Score: 7.5
The CVE Identity: CVE-2015-5421 (HP)

Primary Vendor -- Product: hp -- keyview
Description: Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2883.
Date Published: 2015-08-24
CVSS Score: 7.5
The CVE Identity: CVE-2015-5422 (HP)

Primary Vendor -- Product: hp -- keyview
Description: Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2884.
Date Published: 2015-08-24
CVSS Score: 7.5
The CVE Identity: CVE-2015-5423 (HP)

Primary Vendor -- Product: hp -- keyview
Description: Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2885.
Date Published: 2015-08-24
CVSS Score: 7.5
The CVE Identity: CVE-2015-5424 (HP)

Primary Vendor -- Product: hp -- matrix_operating_environment
Description: HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5428 and CVE-2015-5429.
Date Published: 2015-08-26
CVSS Score: 7.5
The CVE Identity: CVE-2015-5427 (HP)

Primary Vendor -- Product: hp -- matrix_operating_environment
Description: HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5429.
Date Published: 2015-08-26
CVSS Score: 7.5
The CVE Identity: CVE-2015-5428 (HP)

Primary Vendor -- Product: hp -- matrix_operating_environment
Description: HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5428.
Date Published: 2015-08-26
CVSS Score: 7.5
The CVE Identity: CVE-2015-5429 (HP)

Primary Vendor -- Product: hp -- virtual_connect_enterprise_manager_sdk
Description: HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
Date Published: 2015-08-26
CVSS Score: 7.5
The CVE Identity: CVE-2015-5432 (HP, HP)

Primary Vendor -- Product: ibm -- systems_director
Description: IBM Systems Director 5.2.x, 6.1.x, 6.2.0.x, 6.2.1.x, 6.3.0.0, 6.3.1.x, 6.3.2.x, 6.3.3.x, 6.3.5.0, and 6.3.6.0 improperly processes events, which allows local users to gain privileges via unspecified vectors.
Date Published: 2015-08-23
CVSS Score: 7.2
The CVE Identity: CVE-2015-1992 (CONFIRM, AIXAPAR)
