Dashboard Content Enhancements (#4289)

Dashboard content enhancements.
patch-1
MostInterestingBotInTheWorld 2022-05-02 17:50:47 -04:00 committed by GitHub
parent 58de44b9d4
commit 03b7a5f0fe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 57 additions and 38 deletions

@ -1,19 +1,21 @@
id: CVE-2021-34473
info:
name: Exchange Server SSRF (ProxyShell)
name: Exchange Server - Remote Code Execution
author: arcc,intx0x80,dwisiswant0,r3dg33k
severity: critical
description: |
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.
Microsoft Exchange Server is vulnerable to a remote code execution vulnerability. This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.
reference:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473
- https://blog.orange.tw/2021/08/proxylogon-a-new-attack-surface-on-ms-exchange-part-1.html
- https://peterjson.medium.com/reproducing-the-proxyshell-pwn2own-exploit-49743a4ea9a1
- https://nvd.nist.gov/vuln/detail/CVE-2021-34473
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-34473
remediation: Apply Microsoft Exchange Server 2019 Cumulative Update 9 or upgrade to the latest version.
tags: cve,cve2021,ssrf,rce,exchange
requests:
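Review bot: The new name line drops both "SSRF" and "ProxyShell" while tags still carries ssrf and one reference is titled after ProxyShell, so anyone searching template titles by the bug's common name will miss it; consider "Exchange Server - Remote Code Execution (ProxyShell)". The added remediation names only Exchange Server 2019 Cumulative Update 9, although the description does not limit the issue to 2019; check it against the MSRC reference and either list the fix per affected version or point to the advisory.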
@ -29,3 +31,5 @@ requests:
words:
- "Microsoft.Exchange.Clients.Owa2.Server.Core.OwaADUserNotFoundException"
- "Exchange MAPI/HTTP Connectivity Endpoint"
# Enhanced by mp on 2022/05/02

@ -1,13 +1,13 @@
id: CVE-2021-34621
info:
name: WordPress ProfilePress wp-user-avatar plugin make admin users
name: WordPress ProfilePress 3.0.0-3.1.3 - Admin User Creation Weakness
author: 0xsapra
severity: critical
description: A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator.
This issue affects versions 3.0.0 - 3.1.3. .
description: ProfilePress WordPress plugin is susceptible to a vulnerability in the user registration component in the ~/src/Classes/RegistrationAuth.php file that makes it possible for users to register on sites as an administrator.
reference:
- https://www.wordfence.com/blog/2021/06/easily-exploitable-critical-vulnerabilities-patched-in-profilepress-plugin
- https://nvd.nist.gov/vuln/detail/CVE-2021-34621
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
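Review bot: The rewritten description drops the sentence "This issue affects versions 3.0.0 - 3.1.3.", so the affected range now lives only in the name field; keep it in the description as well, since that is the field a reader of scan output sees. "Admin User Creation Weakness" in the name also reads softer than the critical severity and 9.8 score below it; "Admin User Creation" alone would match the other titles in this change.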
@ -106,3 +106,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/05/02

@ -1,10 +1,10 @@
id: CVE-2021-35336
info:
name: Unauthorised Remote Access of Internal Panel
name: Tieline IP Audio Gateway <=2.6.4.8 - Unauthorized Remote Admin Panel Access
author: Pratik Khalane
severity: critical
description: Finding the Tieline Admin Panels with default credentials.
description: Tieline IP Audio Gateway 2.6.4.8 and below is affected by a vulnerability in the web administrative interface that could allow an unauthenticated user to access a sensitive part of the system with a high privileged account.
reference:
- https://pratikkhalane91.medium.com/use-of-default-credentials-to-unauthorised-remote-access-of-internal-panel-of-tieline-c1ffe3b3757c
- https://nvd.nist.gov/vuln/detail/CVE-2021-35336
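Review bot: The new description no longer says that the issue is default credentials, which is what the removed description and the first reference URL both state; "a vulnerability in the web administrative interface" reads as a code flaw and hides what a responder has to do. Suggest keeping the NVD wording but adding that access is obtained with the default credentials, so the finding points to changing them.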
@ -40,3 +40,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/05/02

@ -1,16 +1,17 @@
id: CVE-2021-35464
info:
name: Pre-auth RCE in ForgeRock OpenAM
name: ForgeRock OpenAM <7.0 - Remote Code Execution
author: madrobot
severity: critical
description: |
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages.
The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted
/ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO)
found in versions of Java 8 or earlier
found in versions of Java 8 or earlier.
reference:
- https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35464
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
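Review bot: The new name drops "Pre-auth" even though the description still says exploitation does not require authentication; for triage that is the most useful word in the title, so consider "ForgeRock OpenAM <7.0 - Unauthenticated Remote Code Execution". The reference list here also still points to cve.mitre.org while most other templates in this change cite nvd.nist.gov; pick one for consistency.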
@ -43,3 +44,5 @@ requests:
- "openam/ccversion/Masthead.jsp"
part: body
condition: or
# Enhanced by mp on 2022/05/02

@ -1,11 +1,11 @@
id: CVE-2021-35587
info:
name: Pre-auth RCE in Oracle Access Manager
name: Oracle Access Manager - Remote Code Execution
author: cckuailong
severity: critical
description: |
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager.
The Oracle Access Manager portion of Oracle Fusion Middleware (component: OpenSSO Agent) is vulnerable to remote code execution. Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. This is an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle Access Manager.
reference:
- https://testbnull.medium.com/oracle-access-manager-pre-auth-rce-cve-2021-35587-analysis-1302a4542316
- https://nvd.nist.gov/vuln/detail/CVE-2021-35587
@ -41,3 +41,5 @@ requests:
part: body
words:
- "/oam/pages/css/general.css"
# Enhanced by mp on 2022/05/02

@ -1,10 +1,10 @@
id: CVE-2021-3577
info:
name: Motorola Baby Monitors Unauthenticated RCE
name: Motorola Baby Monitors - Remote Command Execution
author: gy741
severity: critical
description: Vulnerabilities in the interface of Motorola Baby Monitors could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
description: Motorola Baby Monitors contains multiple interface vulnerabilities could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
reference:
- https://randywestergren.com/unauthenticated-remote-code-execution-in-motorola-baby-monitors/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3577
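Review bot: The new description line is ungrammatical: "contains multiple interface vulnerabilities could allow" is missing a relative pronoun and the verb does not agree with the plural subject. Suggest "Motorola Baby Monitors contain multiple interface vulnerabilities that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device." The name also loses "Unauthenticated", which the description still asserts.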
@ -36,3 +36,5 @@ requests:
- type: word
words:
- "set_city_timezone"
# Enhanced by mp on 2022/05/02

@ -1,11 +1,10 @@
id: CVE-2021-36260
info:
name: Hikvision IP camera/NVR - Unauthenticated RCE
name: Hikvision IP camera/NVR - Remote Command Execution
author: pdteam,gy741
severity: critical
description: A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack
by sending some messages with malicious commands.
description: Certain Hikvision products contain a command injection vulnerability in the web server due to the insufficient input validation. An attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
reference:
- https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html
- https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/
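Review bot: The rewritten description keeps two awkward phrases from the old text, "due to the insufficient input validation" and "by sending some messages with malicious commands"; drop the article in the first and say what is sent in the second, for example "by sending crafted messages containing malicious commands". As in the other RCE templates in this change, the name drops "Unauthenticated", which is worth keeping in the title for a critical finding.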
@ -45,3 +44,5 @@ requests:
- type: regex
regex:
- "(u|g)id=.*"
# Enhanced by mp on 2022/05/02

@ -1,13 +1,13 @@
id: CVE-2021-36380
info:
name: Sunhillo SureLine - Unauthenticated OS Command Injection
name: Sunhillo SureLine <8.7.0.1.1 - Unauthenticated OS Command Injection
author: gy741
severity: critical
description: The /cgi/networkDiag.cgi script directly incorporated user-controllable parameters within a shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input.
The following POST request injects a new command that instructs the server to establish a reverse TCP connection to another system, allowing the establishment of an interactive remote shell session.
description: "Sunhillo SureLine <8.7.0.1.1 is vulnerable to OS command injection. The /cgi/networkDiag.cgi script directly incorporated user-controllable parameters within a shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. The following POST request injects a new command that instructs the server to establish a reverse TCP connection to another system, allowing the establishment of an interactive remote shell session."
reference:
- https://research.nccgroup.com/2021/07/26/technical-advisory-sunhillo-sureline-unauthenticated-os-command-injection-cve-2021-36380/
- https://nvd.nist.gov/vuln/detail/CVE-2021-36380
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
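Review bot: The new single-line description still contains "The following POST request injects a new command that instructs the server to establish a reverse TCP connection", which was carried over from the advisory and refers to a request that does not follow in this field. It also does not describe what the template checks, since the matcher in the next hunk confirms an HTTP interaction rather than a reverse shell. Suggest ending the description after "injecting valid OS command input." and leaving the exploitation detail to the NCC Group reference.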
@ -28,3 +28,5 @@ requests:
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
# Enhanced by mp on 2022/05/02

@ -1,19 +1,18 @@
id: CVE-2021-37538
info:
name: PrestaShop SmartBlog SQL Injection
name: PrestaShop SmartBlog <4.0.6- SQL Injection
author: whoever
severity: critical
description: PrestaShop SmartBlog by SmartDataSoft < 4.0.6 is vulnerable to a SQL injection vulnerability in the blog archive functionality.
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37538
- https://blog.sorcery.ie/posts/smartblog_sqli/
- https://nvd.nist.gov/vuln/detail/CVE-2021-37538
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-37538
cwe-id: CWE-89
remediation: Apply the fix.
tags: cve,cve2021,prestashop,smartblog,sqli
requests:
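Review bot: The new name "PrestaShop SmartBlog <4.0.6- SQL Injection" is missing the space before the hyphen that every other title in this change uses; it should read "PrestaShop SmartBlog <4.0.6 - SQL Injection". While this block is being touched, "remediation: Apply the fix." gives a reader nothing to act on; the description already says versions below 4.0.6 are affected, so "Upgrade SmartBlog to 4.0.6 or later" would be consistent with it.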
@ -32,4 +31,4 @@ requests:
- "c5fe25896e49ddfe996db7508cf00534"
part: body
# Enhanced by mp on 2022/02/08
# Enhanced by mp on 2022/05/02

@ -1,10 +1,10 @@
id: CVE-2021-37580
info:
name: Apache ShenYu Admin JWT authentication bypass
name: Apache ShenYu Admin JWT - Authentication Bypass
author: pdteam
severity: critical
description: A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0
description: Apache ShenYu 2.3.0 and 2.4.0 allow Admin access without proper authentication. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-37580
- https://github.com/fengwenhua/CVE-2021-37580
@ -34,3 +34,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/05/02

@ -1,7 +1,7 @@
id: CVE-2021-38647
info:
name: Microsoft Open Management Infrastructure Remote Code Execution
name: Microsoft Open Management Infrastructure - Remote Code Execution
author: daffainfo,xstp
severity: critical
description: Microsoft Open Management Infrastructure is susceptible to remote code execution (OMIGOD).
@ -68,4 +68,4 @@ requests:
- 'uid=0(root) gid=0(root) groups=0'
condition: and
# Enhanced by mp on 2022/03/28
# Enhanced by mp on 2022/05/02

@ -1,12 +1,12 @@
id: CVE-2021-39226
info:
name: Grafana Snapshot Authentication Bypass
name: Grafana Snapshot - Authentication Bypass
author: Evan Rubinstein
severity: critical
description: Grafana instances up to 7.5.11 and 8.1.5 allow remote unauthenticated users to view the snapshot associated with the lowest database key by accessing the literal paths /api/snapshot/:key or /dashboard/snapshot/:key.
description: "Grafana instances up to 7.5.11 and 8.1.5 allow remote unauthenticated users to view the snapshot associated with the lowest database key by accessing the literal paths /api/snapshot/:key or /dashboard/snapshot/:key.
If the snapshot is in public mode, unauthenticated users can delete snapshots by accessing the endpoint /api/snapshots-delete/:deleteKey. Authenticated users can also delete snapshots by accessing the endpoints
/api/snapshots-delete/:deleteKey, or sending a delete request to /api/snapshot/:key, regardless of whether or not the snapshot is set to public mode (disabled by default).
/api/snapshots-delete/:deleteKey, or sending a delete request to /api/snapshot/:key, regardless of whether or not the snapshot is set to public mode (disabled by default)."
reference:
- https://github.com/advisories/GHSA-69j6-29vr-p3j9
- https://nvd.nist.gov/vuln/detail/CVE-2021-39226
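Review bot: The description's "up to 7.5.11 and 8.1.5" is ambiguous about whether the bounds are inclusive, and it conflicts with the remediation in the same file, which says the issue is resolved in 7.5.11. Since the description is being rewrapped in quotes anyway, state the bounds so they agree with the remediation (affected before the fixed release on each branch), checked against the GHSA reference. The move to a double-quoted multi-line scalar is fine for this text, but note that backslashes become escape characters in that style if any are added later.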
@ -15,8 +15,8 @@ info:
cvss-score: 9.8
cve-id: CVE-2021-39226
cwe-id: CWE-200
remediation: 'This issue has been resolved in versions 8.1.6 and 7.5.11. If you cannot upgrade you can block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key,
and /api/snapshots/:key. They have no normal function and can be disabled without side effects.'
remediation: "This issue has been resolved in versions 8.1.6 and 7.5.11. If you cannot upgrade you can block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key,
and /api/snapshots/:key. They have no normal function and can be disabled without side effects."
tags: cve,cve2021,grafana
requests:
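Review bot: The remediation lists "/api/snapshots/:key" twice among the paths to block, and it never lists "/api/snapshot/:key", which is the path the description names; the quoting change carries the duplicate over unchanged. One of the two entries is presumably meant to be the singular form; confirm against the advisory and fix the list, because an operator who blocks exactly these paths would otherwise leave the described endpoint open.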
@ -34,4 +34,4 @@ requests:
words:
- '"isSnapshot":true'
# Enhanced by cs on 2022/02/22
# Enhanced by mp on 2022/05/02
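Review bot: The trailer "# Enhanced by cs on 2022/02/22" is overwritten rather than appended to, so the file now credits a different reviewer and loses the earlier review date; the same replacement happens to the dated trailers in the PrestaShop, OMI and Cobbler templates. If the marker is meant as a review record, append the new line and keep the old one; if only the latest pass matters, consider dropping the marker and relying on git history, which already records author and date.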

@ -1,7 +1,7 @@
id: CVE-2021-40323
info:
name: Cobbler <3.3.0 Remote Code Execution
name: Cobbler <3.3.0 - Remote Code Execution
author: c-sh0
severity: critical
description: Cobbler before 3.3.0 allows log poisoning and resultant remote code execution via an XMLRPC method.
@ -96,4 +96,4 @@ requests:
- "nobody:.*:99"
condition: or
# Enhanced by mp on 2022/03/16
# Enhanced by mp on 2022/05/02