Rewterz Threat Advisory – Multiple Adobe Vulnerabilities
October 14, 2021
Rewterz Threat Advisory – ICS: Siemens SINUMERIK Controllers
October 14, 2021
Severity
Medium
Analysis Summary
CVE-2021-42009
Apache Traffic Control could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint, an attacker could exploit this vulnerability to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address.
CVE-2021-38295
Apache CouchDB could allow a remote attacker to gain elevated privileges on the system, caused by improper input validation. By persuading a victim to open specially-crafted content, an authenticated attacker could exploit this vulnerability to gain elevated privileges to add or remove data in any database or make configuration changes.
Impact
- Security Bypass
- Privilege Escalation
Affected Vendors
Apache
Affected Products
- Apache Traffic Control 5.1.2
- Apache CouchDB 3.0.0
- Apache CouchDB 3.1.1
Remediation
Upgrade to the latest version of Apache Traffic Control, available from the Apache Web site.