‘Fancy Bear’ Targets Ukrainian Oil Firm Burisma in Phishing Attack

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-6306
PUBLISHED: 2020-01-14

Missing authorization check in a transaction within SAP Leasing (update provided in SAP_APPL 6.18, EA-APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16 and 6.17).

CVE-2020-6307
PUBLISHED: 2020-01-14

Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information.

CVE-2015-4107
PUBLISHED: 2020-01-14

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was intended functionality. Notes: none.

CVE-2019-19548
PUBLISHED: 2020-01-14

Norton Power Eraser, prior to 5.3.0.67, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

CVE-2020-5193
PUBLISHED: 2020-01-14

PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter.

Source: http://www.darkreading.com
