VARIoT IoT vulnerabilities database

VAR-201410-0969 CVE-2014-6377 Juniper JunosE Denial-of-Service (DoS) Vulnerability
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Juniper JunosE before 13.3.3p0-1, 14.x before 14.3.2, and 15.x before 15.1.0, when DEBUG severity icmpTraffic logging is enabled, allows remote attackers to cause a denial of service (SRP reset) via a crafted ICMP packet to the (1) interface or (2) loopback IP address, which triggers a processor exception in ip_RxData_8. Juniper JunosE is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. JunosE is an operating system from Juniper Networks that runs on E series IP edge and broadband service routers. The following versions are affected: Juniper JunosE prior to 13.3.3p0-1, 14.x prior to 14.3.2, and 15.x prior to 15.1.0.
VAR-201410-0931 CVE-2014-6380 Juniper Junos Denial-of-Service (DoS) Vulnerability
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D15, 13.2X52 before D15, 13.3 before R1, when using an em interface to connect to a certain internal network, allows remote attackers to cause a denial of service (em driver block and FPC reset or "go offline") via a series of crafted (1) CLNP fragmented packets, when clns-routing or ESIS is configured, or (2) IPv4 or (3) IPv6 fragmented packets. Juniper Junos is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to crash, denying service to legitimate users. Junos is a network operating system from Juniper Networks dedicated to the company's hardware systems. The operating system provides a secure programming interface and the Junos SDK. The following versions are affected: Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D15, 13.2X52 before D15, 13.3 before R1.
VAR-201410-1290 CVE-2014-2636 HP Sprinter Arbitrary Code Execution Vulnerability
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2336. This vulnerability was assigned the identifier ZDI-CAN-2336. A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability is found in Tidestone Formula One ActiveX controls, which are installed as a part of HP Sprinter. By providing an improper parameter to the method AttachToSS provided by those controls, an attacker can execute code in the context of the browser. Failed exploit attempts likely result in denial-of-service conditions. HP Sprinter supports accelerated software test authoring and execution, avoids repetitive tasks, generates defect reports, and more.
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04454636
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04454636
Version: 1
HPSBMU03110 rev.1 - HP Sprinter, Remote Execution of Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2014-10-08
Last Updated: 2014-10-08
Potential Security Impact: Remote execution of code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Sprinter.
References:
CVE-2014-2635 (ZDI-CAN-2343, SSRT101584)
CVE-2014-2636 (ZDI-CAN-2336, SSRT101585)
CVE-2014-2637 (ZDI-CAN-2342, SSRT101586)
CVE-2014-2638 (ZDI-CAN-2344, SSRT101587)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Sprinter v12.01
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference      Base Vector                    Base Score
CVE-2014-2635  (AV:N/AC:M/Au:N/C:P/I:P/A:P)   6.8
CVE-2014-2636  (AV:N/AC:M/Au:N/C:P/I:P/A:P)   6.8
CVE-2014-2637  (AV:N/AC:M/Au:N/C:P/I:P/A:P)   6.8
CVE-2014-2638  (AV:N/AC:M/Au:N/C:P/I:P/A:P)   6.8
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks Andrea Micalizzi (rgod) working with HP's Zero Day Initiative for reporting these issues to security-alert@hp.com.
Sprinter version   HP Live Network patch location
v12.01             https://hpln.hp.com/node/21205/
HISTORY
Version:1 (rev.1) - 8 October 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
VAR-201410-1291 CVE-2014-2637 HP Sprinter Arbitrary Code Execution Vulnerability
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2342. This vulnerability was assigned the identifier ZDI-CAN-2342. A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability is found in Tidestone Formula One ActiveX controls, which are installed as a part of HP Sprinter. By providing improper parameters to the methods CopyRange or CopyRangeEx provided by those controls, an attacker can execute code in the context of the browser. An attacker can exploit these issues by enticing an unsuspecting user to view a malicious webpage. Failed exploit attempts likely result in denial-of-service conditions. HP Sprinter supports accelerated software test authoring and execution, avoids repetitive tasks, generates defect reports, and more. The vendor advisory is HP security bulletin HPSBMU03110 rev.1 (Document ID: c04454636).
VAR-201410-1292 CVE-2014-2638 HP Sprinter Arbitrary Code Execution Vulnerability
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2344. This vulnerability was assigned the identifier ZDI-CAN-2344. A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability is found in Tidestone Formula One ActiveX controls, which are installed as a part of HP Sprinter. By assigning an overly-long value to the DefaultFontName property provided by those controls, an attacker can write attacker-supplied data into memory outside of correct bounds. HP Sprinter supports accelerated software test authoring and execution, avoids repetitive tasks, generates defect reports, and more. The vendor advisory is HP security bulletin HPSBMU03110 rev.1 (Document ID: c04454636).
VAR-201410-1289 CVE-2014-2635 HP Sprinter Arbitrary Code Execution Vulnerability
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2343. This vulnerability was assigned the identifier ZDI-CAN-2343. A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability is found in Tidestone Formula One ActiveX controls, which are installed as a part of HP Sprinter. By providing an improper parameter to the method SwapTables provided by those controls, an attacker can execute code in the context of the browser. HP Sprinter supports accelerated software test authoring and execution, avoids repetitive tasks, generates defect reports, and more. The vendor advisory is HP security bulletin HPSBMU03110 rev.1 (Document ID: c04454636).
VAR-201410-1202 CVE-2014-8312 SAP Netweaver AS ABAP Business Warehouse Information Disclosure Vulnerability
CVSS V2: 3.5
CVSS V3: -
Severity: LOW
Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function. Supplementary information: the vulnerability type has been identified as CWE-285: Improper Authorization. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and gain unauthorized access.
Onapsis Security Advisory 2014-033: SAP Business Warehouse Missing Authorization Check
1. Impact on Business
=====================
By exploiting this vulnerability an authenticated attacker will be able to abuse functionality that should be restricted and can disclose technical information without having the right access permissions. This information could be used to perform further attacks over the platform.
Risk Level: Low
2. Advisory Information
=======================
- Public Release Date: 2014-10-08
- Subscriber Notification Date: 2014-10-08
- Last Revised: 2014-08-17
- Security Advisory ID: ONAPSIS-2013-033
- Onapsis SVS ID: ONAPSIS-00114
- Researcher: Nahuel D. Sánchez
- Initial Base CVSS v2: 3.5 (AV:N/AC:M/AU:S/C:P/I:N/A:N)
3. Vulnerability Information
============================
- Vendor: SAP
- Affected Components:
  - SAP Netweaver AS ABAP 7.31 (Check SAP Note 1967780 for detailed information on affected releases)
- Vulnerability Class: Improper Authorization (CWE-285)
- Remotely Exploitable: Yes
- Locally Exploitable: No
- Authentication Required: Yes
- Detection Module available in Onapsis X1: Yes
- BizRisk Illustration Module available in Onapsis X1: Yes
- Original Advisory: http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-033
4. Affected Components Description
==================================
SAP NetWeaver Business Warehouse is a platform that provides business intelligence, analytical, reporting and data warehousing capabilities. It is often used by companies who run their business on SAP's operational systems. BW is part of the SAP NetWeaver platform.
5. Vulnerability Details
========================
The RFC function 'RSDU_CCMS_GET_PROFILE_PARAM' does not perform any authorization check prior to retrieving the profile parameter value.
6. Solution
===========
SAP has released SAP Note 1967780 which provides patched versions of the affected components. The patches can be downloaded from https://service.sap.com/sap/support/notes/1967780. Onapsis strongly recommends SAP customers to download the related security fixes and apply them to the affected components in order to reduce business risks.
7. 2014-06-10: SAP releases security patches.
2014-10-08: Onapsis notifies availability of security advisory.
VAR-201410-1302 CVE-2014-2649 HP Operations Manager on UNIX Arbitrary Code Execution Vulnerability
CVSS V2: 7.5
CVSS V3: -
Severity: High
Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute arbitrary code via unknown vectors. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Few technical details are currently available. We will update this BID as more information emerges.
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472866
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04472866
Version: 1
HPSBMU03127 rev.1 - HP Operations Manager for UNIX, Remote Code Execution
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
References: CVE-2014-2648, CVE-2014-2649 (SSRT101727)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
The updates can be downloaded from HP Software Support Online (SSO).
9.11.120 server patches:
Component      Download Location
OMHPUX_00004   https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01188205
ITOSOL_00802   https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01187924
OML_00080      https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01187666
9.11.120 Java UI patches:
Component      Download Location
OMHPUX_00005   https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01187192
ITOSOL_00803   https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01187435
OML_00081      https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01188103
9.20.300 server patches:
Component      Download Location
OMHPUX_00006   https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01188207
ITOSOL_00804   https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01188065
OML_00082      https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01188209
HISTORY
Version:1 (rev.1) - 8 October 2014 Initial release
VAR-201410-1001 CVE-2014-3382 Cisco ASA Software SQL*Net Service disruption in inspection engines (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.13), 8.2 before 8.2(5.50), 8.3 before 8.3(2.42), 8.4 before 8.4(7.15), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted SQL REDIRECT packets, aka Bug ID CSCum46027. Cisco ASA Software is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCum46027. Cisco ASA is a family of firewall appliances from Cisco. The device also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, antispam, and more. The vulnerability is caused by the program not properly handling SQL REDIRECT packets. The following releases are affected: Cisco ASA Software 7.2 prior to 7.2(5.13), 8.2 prior to 8.2(5.50), 8.3 prior to 8.3(2.42), 8.4 prior to 8.4(7.15), 8.5 prior to 8.5(1.21), 8.6 prior to 8.6(1.14), 8.7 prior to 8.7(1.13), 9.0 prior to 9.0(4.5), 9.1 prior to 9.1(5.1).
VAR-201410-1002 CVE-2014-3383 Cisco ASA Software VPN Component IKE Service disruption in implementations (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The IKE implementation in the VPN component in Cisco ASA Software 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted UDP packets, aka Bug ID CSCul36176. Cisco Adaptive Security Appliance (ASA) Software is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCul36176. Cisco ASA is a family of firewall appliances from Cisco. The device also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, antispam, and more. The vulnerability stems from the program not processing UDP packets correctly.
VAR-201410-1003 CVE-2014-3384 Cisco ASA Software IKEv2 Service disruption in implementations (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The IKEv2 implementation in Cisco ASA Software 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted packet that is sent during tunnel creation, aka Bug ID CSCum96401. An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCum96401. Cisco ASA is a family of firewall appliances from Cisco. The device also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, antispam, and more. The vulnerability is caused by the program's improper handling of IKEv2 packets. The following versions are affected: Cisco ASA Software 8.4 prior to 8.4(7.15), 8.6 prior to 8.6(1.14), 9.0 prior to 9.0(4.8), 9.1 prior to 9.1(5.1).
VAR-201410-1004 CVE-2014-3385 Cisco ASA Software ASDM Functional Health and Performance Monitoring Service disruption in (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Race condition in the Health and Performance Monitoring (HPM) for ASDM feature in Cisco ASA Software 8.3 before 8.3(2.42), 8.4 before 8.4(7.11), 8.5 before 8.5(1.19), 8.6 before 8.6(1.13), 8.7 before 8.7(1.11), 9.0 before 9.0(4.8), and 9.1 before 9.1(4.5) allows remote attackers to cause a denial of service (device reload) via TCP traffic that triggers many half-open connections at the same time, aka Bug ID CSCum00556. Cisco Adaptive Security Appliance (ASA) Software is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCum00556. Cisco ASA is a family of firewall appliances from Cisco. The device also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, antispam, and more. The following releases are affected: Cisco ASA Software 8.3 prior to 8.3(2.42), 8.4 prior to 8.4(7.11), 8.5 prior to 8.5(1.19), 8.6 prior to 8.6(1.13), 8.7 prior to 8.7(1.11), 9.0 prior to 9.0(4.8), 9.1 prior to 9.1(4.5).
VAR-201410-0073 CVE-2014-3386 Cisco ASA Software GPRS Tunneling Protocol Service disruption in inspection engines (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The GPRS Tunneling Protocol (GTP) inspection engine in Cisco ASA Software 8.2 before 8.2(5.51), 8.4 before 8.4(7.15), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted series of GTP packets, aka Bug ID CSCum56399. Cisco Adaptive Security Appliance (ASA) Software is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCum56399. Cisco ASA is a family of firewall appliances from Cisco. The device also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, antispam, and more. The vulnerability stems from the program's improper handling of GTP packet sequences. The following releases are affected: Cisco ASA Software 8.2 prior to 8.2(5.51), 8.4 prior to 8.4(7.15), 8.7 prior to 8.7(1.13), 9.0 prior to 9.0(4.8), 9.1 prior to 9.1(5.1).
VAR-201410-0074 CVE-2014-3387 Cisco ASA Software SunRPC Service disruption in inspection engines (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The SunRPC inspection engine in Cisco ASA Software 7.2 before 7.2(5.14), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.3) allows remote attackers to cause a denial of service (device reload) via crafted SunRPC packets, aka Bug ID CSCun11074. An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCun11074. Cisco ASA is a family of firewall appliances from Cisco. The device also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, antispam, and more. The vulnerability is caused by the program not correctly handling SunRPC packets. The following versions are affected: Cisco ASA Software 7.2 prior to 7.2(5.14), 8.2 prior to 8.2(5.51), 8.3 prior to 8.3(2.42), 8.4 prior to 8.4(7.23), 8.5 prior to 8.5(1.21), 8.6 prior to 8.6(1.14), 8.7 prior to 8.7(1.13), 9.0 prior to 9.0(4.5), 9.1 prior to 9.1(5.3).
VAR-201410-0075 CVE-2014-3388 Cisco ASA Software DNS Service disruption in inspection engines (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The DNS inspection engine in Cisco ASA Software 9.0 before 9.0(4.13), 9.1 before 9.1(5.7), and 9.2 before 9.2(2) allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCuo68327. Cisco Adaptive Security Appliance (ASA) Software is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCuo68327. Cisco ASA is a family of firewall appliances from Cisco. The device also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, antispam, and more. The vulnerability is caused by the program's improper handling of DNS packets. The following releases are affected: Cisco ASA Software 9.0 prior to 9.0(4.13), 9.1 prior to 9.1(5.7), and 9.2 prior to 9.2(2).
VAR-201410-0076 CVE-2014-3389 Cisco ASA Software VPN Vulnerability to gain access to failover units CVSS V2: 9.0
CVSS V3: -
Severity: HIGH
The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.6), and 9.3 before 9.3(1.1) does not properly implement a tunnel filter, which allows remote authenticated users to obtain failover-unit access via crafted packets, aka Bug ID CSCuq28582. The vendor has published this vulnerability as Bug ID CSCuq28582. A remotely authenticated user may gain access to a failover unit via a crafted packet. Successfully exploiting this issue may allow an attacker to execute configuration commands on the standby unit through the failover interface. This issue is being tracked by Cisco bug ID CSCuq28582. Cisco ASA is a family of firewall appliances from Cisco. The device also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, antispam, and more. A remote attacker could exploit this vulnerability with a specially crafted packet to gain access to the failover unit. The following versions are affected: Cisco ASA Software 7.2 prior to 7.2(5.15), 8.2 prior to 8.2(5.51), 8.3 prior to 8.3(2.42), 8.4 prior to 8.4(7.23), 8.6 prior to 8.6(1.15), 9.0 prior to 9.0(4.24), 9.1 prior to 9.1(5.12), 9.2 prior to 9.2(2.6), 9.3 prior to 9.3(1.1).
VAR-201410-0077 CVE-2014-3390 Cisco ASA Software Virtual Network Management Center In policy implementation Linux of root Vulnerability for which access rights are acquired CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root access by leveraging administrative privileges and executing a crafted script, aka Bug IDs CSCuq41510 and CSCuq47574. A local attacker can exploit this issue to gain root privileges. This issue is being tracked by Cisco Bug IDs CSCuq41510 and CSCuq47574. Cisco ASA is a family of firewall appliances from Cisco. The device also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, antispam, and more. The vulnerability is caused by the program not adequately filtering the input submitted by the user. The following versions are affected: Cisco ASA Software 8.7 prior to 8.7(1.14), 9.2 prior to 9.2(2.8), 9.3 prior to 9.3(1.1).
VAR-201410-0078 CVE-2014-3391 Cisco ASA Vulnerability gained privilege in software CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Untrusted search path vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) allows local users to gain privileges by placing a Trojan horse library file in external memory, leading to library use after device reload because of an incorrect LD_LIBRARY_PATH value, aka Bug ID CSCtq52661. Cisco ASA Software contains a vulnerability that allows privileges to be gained because of a flaw in search-path processing. Cisco Adaptive Security Appliance (ASA) Software is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to inject a malicious library and take complete control of the system. This issue is being tracked by Cisco Bug ID CSCtq52661. Cisco ASA is a family of firewall appliances from Cisco. The device also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, antispam, and more. The following versions are affected: Cisco ASA Software 8.x prior to 8.4(3), 8.5 prior to 8.7(1.13), 8.7 prior
VAR-201410-0079 CVE-2014-3392 Cisco ASA Software Clientless SSL VPN Vulnerability in portal where important information is obtained from process memory CVSS V2: 8.3
CVSS V3: -
Severity: HIGH
The Clientless SSL VPN portal in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows remote attackers to obtain sensitive information from process memory or modify memory contents via crafted parameters, aka Bug ID CSCuq29136. Cisco Adaptive Security Appliance (ASA) Software is prone to a memory-corruption vulnerability. Successfully exploiting these issues may allow an attacker to obtain sensitive information, which could lead to a reload of the affected system, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuq29136. Cisco ASA is a family of firewall appliances from Cisco. The device also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, antispam, and more. The following versions are affected: Cisco ASA Software 8.2 prior to 8.2(5.51), 8.3 prior to 8.3(2.42), 8.4 prior to 8.4(7.23), 8.6 prior to 8.6(1.15), 9.0 prior to 9.0(4.24), 9.1 prior to 9.1(5.12), 9.2 prior to 9.2(2.8), 9.3 prior to 9.3(1.1).
VAR-201410-0080 CVE-2014-3393 Cisco ASA Software Clientless SSL VPN In the portal customization framework RAMFS Vulnerability to modify customization objects CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly implement authentication, which allows remote attackers to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829. The vendor has published this vulnerability as Bug ID CSCup36829. A third party may modify RAMFS customization objects. The Cisco ASA 5500 Series Adaptive Security Appliance is a modular platform for providing security and VPN services with firewall, IPS, anti-X, and VPN services. This issue is tracked by Cisco Bug ID CSCup36829. Cisco ASA is a family of firewall appliances from Cisco. The device also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, antispam, and more. The vulnerability stems from the program's incorrect implementation of authentication. A remote attacker can exploit this vulnerability to modify RAMFS customization objects. The following versions are affected: Cisco ASA Software 8.2 prior to 8.2(5.51), 8.3 prior to 8.3(2.42), 8.4 prior to 8.4(7.23), 8.6 prior to 8.6(1.14), 9.0 prior to 9.0(4.24), 9.1 prior to 9.1(5.12), 9.2 prior to 9.2(2.4).