XenonStack Recommends

Security Intelligence

CVE-2019-11581 and CVE-2020-8218: Code Execution Vulnerability

Parveen Bhandari | 11 August 2022

Subscription

XenonStack White Arrow

Thanks for submitting the form.

What is CVE-2019-11581?

Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability

In Jira Server and Data Center, there was a server-side template injection vulnerability in the contact administrators and send bulk mail actions.

At least one of the following requirements must be met for this vulnerability to be exploitable: Either Jira has been configured with an SMTP server and the Contact Administrators Form has been enabled; or In Jira, an SMTP server has been established and an attacker has access to "JIRA Administrators". Attackers can exploit this flaw without authentication. In the second situation, attackers with access to "JIRA Administrators" can use the flaw. In either scenario, successfully exploiting this vulnerability allows an attacker to execute code remotely on systems running a vulnerable version of Jira Server or Data Center.

CVE ID CVE-2019-11581
Vulnerability Name Atlassian Jira Server and Data Center Server-Side  Template   Injection Vulnerability
Vendor Atlassian
Product Jira Server and Data Center
Date added to the catalog 2022-03-07
Description A server-side template injection vulnerability in Atlassian Jira Server and Data Center allows for remote code execution.
Severity (out of 10) 9.8
Impact All the Jira Server version and data center versions from 4.4.0 to 7.6.14, from 7.7.0 to 7.13.5, from 8.0.0 to 8.0.3, from 8.1.0 to 8.2.0 are impacted by the vulnerability.
Remediation Jira has released fixes for versions 7.6.14, 7.13.5, 8.0.3, 8.1.2 and 8.2.3. These fixes are available at the Jira site.
Cyber Security Services
End-to-End Proactive Solutions for empowering Advanced Threat Protection and Intelligence with Real-Time Analytics, Cyber Security Services

What is CVE-2020-8218?

Pulse Connect Secure Code Injection Vulnerability

This vulnerability allows an unauthenticated user to execute remote arbitrary code (RCE). Pulse Connect Secure 9.1R8 has a code injection vulnerability that allows an attacker to create a URI and execute arbitrary code via the admin web interface. Although the exploit requires admin access authentication, the admin may activate it by merely clicking on a malicious link.

The admin portal's downloadlicenses.cgi file contains a command injection vulnerability.
Though successful vulnerability exploitation necessitates administrator privileges, the quickest way to scam administrative rights is to send an email containing a link to a malicious URL and entice the recipient to click on it.

VPNs have become increasingly crucial and relevant during the shutdown, allowing enterprises to secure corporate communications and verify users. Although the authentication was accomplished through a phishing link, the CVE-2020-8218 vulnerability should not be overlooked.

CVE ID CVE-2020-8218
Vulnerability Name Pulse Connect Secure Code Injection Vulnerability
Vendor Pulse Secure
Product Pulse Connect Secure
Date added to the catalog 2022-03-07
Description Pulse Connect Secure has a code injection vulnerability that allows an attacker to create a URI and execute arbitrary code via the admin web interface.
Severity (out of 10) 7.2 (High)
Impact This vulnerability affects Pulse Connect Secure and Pulse Policy secure.
Remediation This vulnerability can be patched by updating Pulse Connect Secure (PCS) 9.1R8 or Pulse Policy Secure (PPS) 9.1R8.

Explore the Recently Discovered Critical Vulnerabilities and their Remediations