2018-AUG-01 FSL version 7.6.39 MCAFEE FOUNDSTONE FSL UPDATE To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release. NEW CHECKS 23631 - (CTX234869) Citrix NetScaler Remote Code Execution Vulnerability Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2018-7218 Description A vulnerability is present in some versions of Citrix NetScaler. Observation Citrix NetScaler is a widely used product that helps enterprises to protect, control and improve their services. A vulnerability is present in some versions of Citrix NetScaler. The flaw lies in the AppFirewall feature. Successful exploitation could allow an attacker to remotely execute arbitrary code on the target system. 23890 - IBM DB2 Format String Vulnerability (swg22016182) Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2018-1566 Description A vulnerability is present in some versions of IBM DB2. Observation IBM DB2 is a popular relational database management server. A vulnerability is present in some versions of IBM DB2. The flaw is due to improper usage of format string. Successful exploitation could allow a local attacker to execute arbitrary code or to gain elevated privileges on the target system. 23913 - Oracle WebLogic Server Critical Patch Update July 2018 Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2018-1275, CVE-2018-2893, CVE-2018-2894, CVE-2018-2933, CVE-2018-2935, CVE-2018-2987, CVE-2018-2998, CVE- 2018-7489 Description Multiple vulnerabilities are present in some versions of Oracle WebLogic Server. Observation Oracle WebLogic Server is a Java EE application server. Multiple vulnerabilities are present in some versions of Oracle WebLogic Server. The flaws lie in several components. Successful exploitation could allow an attacker to affect confidentiality, integrity or availability of the target system. 23910 - Oracle WebCenter Portal Critical Patch Update July 2018 Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2018-3101, CVE-2018-7489 Description Multiple vulnerabilities are present in some versions of Oracle WebCenter Portal. Observation Oracle WebCenter Portal is a web platform that helps organizations in fast and easy creation of intranets, extranets, composite applications, and self-service portals. Multiple vulnerabilities are present in some versions of Oracle WebCenter Portal. The flaws lie in multiple components. Successful exploitation could allow an attacker to execute arbitrary code or retrieve sensitive information. 23011 - Oracle WebLogic Server Critical Patch Update January 2018 Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-10352, CVE-2017-5645, CVE-2018-2625 Description Multiple vulnerabilities are present in some versions of Oracle WebLogic Server. Observation Oracle WebLogic Server is a Java EE application server. Multiple vulnerabilities are present in some versions of Oracle WebLogic Server. The flaws lie in several components. Successful exploitation could allow an attacker to affect confidentiality, integrity or availability of the target system. 23903 - WordPress Multiple Vulnerabilities Prior To 4.9.5 Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: High CVE: CVE-MAP-NOMATCH Description Multiple vulnerabilities are present in some versions of WordPress. Observation WordPress is a popular blog application. Multiple vulnerabilities are present in some versions of WordPress. The flaws lie in multiple components. Successful exploitation could allow an attacker to to bypass security access restrictions in the target system. 23909 - Apache HTTP Server Vulnerabilities Prior To 2.4.34 Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2018-1333, CVE-2018-8011 Description Multiple vulnerabilities are present in some versions of Apache HTTP Server. Observation Apache HTTP Server is an open source web server. Multiple vulnerabilities are present in some versions of Apache HTTP Server. The flaws lie in multiple components. Successful exploitation could allow an attacker to cause a denial of service condition. 23914 - (SB10242) McAfee Drive Encryption Authentication Bypass Vulnerability Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2018-6686 Description A vulnerability is present in some versions of McAfee Drive Encryption. Observation McAfee Drive Encryption is a full disk encryption software used to protect valuable data on windows tablets, laptops and desktops with strong access control mechanisms. A vulnerability is present in some versions of McAfee Drive Encryption. The flaw lies in Trusted Platform Module (TPM) autoboot feature. Successful exploitation could allow a physically proximate attacker to bypass security protections. 23922 - Cisco Webex Network Recording Players Remote Code Execution Vulnerabilities (cisco-sa-20180718-webex-rce) Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2018-0379 Description Remote code execution vulnerabilities are present in some versions of Cisco WebEx Network Recording Players. Observation Cisco WebEx Network Recording Players are used to play WebEx sessions in ARF or WRF formats. Remote code execution vulnerabilities are present in some versions of Cisco WebEx Network Recording Players. The flaws lie in Cisco Webex Network Recording Player for ARF and Webex Recording Format. Successful exploitation could allow an attacker to execute remote code on the target system. 146888 - SuSE Linux 15.0 openSUSE-SU-2018:2122-1 Update Is Not Installed Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2018-0495 Description The scan detected that the host is missing the following update: openSUSE-SU-2018:2122-1 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.opensuse.org/opensuse-updates/2018-07/msg00080.html SuSE Linux 15.0 x86_64 libgcrypt20-hmac-1.8.2-lp150.5.3.1 libgcrypt20-debuginfo-1.8.2-lp150.5.3.1 libgcrypt-devel-32bit-1.8.2-lp150.5.3.1 libgcrypt20-hmac-32bit-1.8.2-lp150.5.3.1 libgcrypt-cavs-debuginfo-1.8.2-lp150.5.3.1 libgcrypt-cavs-1.8.2-lp150.5.3.1 libgcrypt-devel-debuginfo-1.8.2-lp150.5.3.1 libgcrypt-devel-1.8.2-lp150.5.3.1 libgcrypt20-32bit-1.8.2-lp150.5.3.1 libgcrypt20-1.8.2-lp150.5.3.1 libgcrypt-devel-32bit-debuginfo-1.8.2-lp150.5.3.1 libgcrypt-debugsource-1.8.2-lp150.5.3.1 libgcrypt20-32bit-debuginfo-1.8.2-lp150.5.3.1 i586 libgcrypt20-1.8.2-lp150.5.3.1 libgcrypt-debugsource-1.8.2-lp150.5.3.1 libgcrypt20-hmac-1.8.2-lp150.5.3.1 libgcrypt-devel-1.8.2-lp150.5.3.1 libgcrypt-cavs-1.8.2-lp150.5.3.1 libgcrypt20-debuginfo-1.8.2-lp150.5.3.1 libgcrypt-cavs-debuginfo-1.8.2-lp150.5.3.1 libgcrypt-devel-debuginfo-1.8.2-lp150.5.3.1 146889 - SuSE SLES 11 SP4 SUSE-SU-2018:2142-1 Update Is Not Installed Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2018-14348 Description The scan detected that the host is missing the following update: SUSE-SU-2018:2142-1 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2018-July/004358.html SuSE SLES 11 SP4 i586 libcgroup1-0.41.rc1-7.1 x86_64 libcgroup1-0.41.rc1-7.1 146890 - SuSE Linux 15.0 openSUSE-SU-2018:2129-1 Update Is Not Installed Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2018-0732 Description The scan detected that the host is missing the following update: openSUSE-SU-2018:2129-1 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.opensuse.org/opensuse-updates/2018-07/msg00087.html SuSE Linux 15.0 i586 openssl-1_0_0-debugsource-1.0.2n-lp150.2.3.1 libopenssl1_0_0-debuginfo-1.0.2n-lp150.2.3.1 libopenssl1_0_0-steam-1.0.2n-lp150.2.3.1 openssl-1_0_0-1.0.2n-lp150.2.3.1 libopenssl1_0_0-hmac-1.0.2n-lp150.2.3.1 openssl-1_0_0-cavs-1.0.2n-lp150.2.3.1 libopenssl1_0_0-steam-debuginfo-1.0.2n-lp150.2.3.1 libopenssl-1_0_0-devel-1.0.2n-lp150.2.3.1 libopenssl1_0_0-1.0.2n-lp150.2.3.1 openssl-1_0_0-cavs-debuginfo-1.0.2n-lp150.2.3.1 openssl-1_0_0-debuginfo-1.0.2n-lp150.2.3.1 noarch openssl-1_0_0-doc-1.0.2n-lp150.2.3.1 x86_64 libopenssl1_0_0-steam-1.0.2n-lp150.2.3.1 openssl-1_0_0-debugsource-1.0.2n-lp150.2.3.1 openssl-1_0_0-1.0.2n-lp150.2.3.1 libopenssl1_0_0-hmac-1.0.2n-lp150.2.3.1 libopenssl1_0_0-steam-32bit-1.0.2n-lp150.2.3.1 libopenssl1_0_0-32bit-1.0.2n-lp150.2.3.1 libopenssl1_0_0-steam-32bit-debuginfo-1.0.2n-lp150.2.3.1 openssl-1_0_0-debuginfo-1.0.2n-lp150.2.3.1 openssl-1_0_0-cavs-debuginfo-1.0.2n-lp150.2.3.1 libopenssl1_0_0-1.0.2n-lp150.2.3.1 libopenssl1_0_0-debuginfo-1.0.2n-lp150.2.3.1 libopenssl-1_0_0-devel-1.0.2n-lp150.2.3.1 libopenssl-1_0_0-devel-32bit-1.0.2n-lp150.2.3.1 libopenssl1_0_0-steam-debuginfo-1.0.2n-lp150.2.3.1 libopenssl1_0_0-hmac-32bit-1.0.2n-lp150.2.3.1 openssl-1_0_0-cavs-1.0.2n-lp150.2.3.1 libopenssl1_0_0-32bit-debuginfo-1.0.2n-lp150.2.3.1 146891 - SuSE SLES 12 SP3, SLED 12 SP3 SUSE-SU-2018:2143-1 Update Is Not Installed Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2018-14348 Description The scan detected that the host is missing the following update: SUSE-SU-2018:2143-1 Observation Updates often remediate critical security problems that should be quickly addressed.
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages102 Page
-
File Size-