Rewterz Threat Advisory – IBM Sterling External Authentication and WebSphere Application Server Vulnerabilities
February 25, 2022
Rewterz Threat Alert – APT32 Ocean Lotus – Active IOCs
February 25, 2022
Severity
High
Analysis Summary
CVE-2016-10735; CVE-2018-14040; CVE-2018-14042; CVE-2018-20676; CVE-2019-8331; CVE-2020-11022; CVE-2020-11023
Multiple cross-site scripting vulnerabilities exist in the Energy Saving Data Collecting Server (EcoWebServerIII), which may result in disclosure of, or tampering with, information in the product.
CVE-2017-18214
A vulnerability due to uncontrolled resource consumption exists in Energy Saving Data Collecting Server (EcoWebServerIII), which may result in a denial-of-service condition.
CVE-2020-7746
A vulnerability due to improperly controlled modification of dynamically determined object attributes exists in Energy Saving Data Collecting Server (EcoWebServerIII), which may result in a denial-of-service condition.
Impact
- Information Disclosure
- Denial-of-Service
- Information Tampering
Indicators of Compromise
CVEs
- CVE-2016-10735
- CVE-2018-14040
- CVE-2018-14042
- CVE-2018-20676
- CVE-2019-8331
- CVE-2020-11022
- CVE-2020-11023
- CVE-2017-18214
- CVE-2020-7746
Affected Vendors
Mitsubishi Electric
Affected Products
- Energy Saving Data Collecting Server (EcoWebServerIII)
Remediation
Visit the vendor website to apply the patches or implement the required workarounds: