Rewterz Threat Advisory – Multiple Apache Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2021-42009 

Apache Traffic Control could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint, an attacker could exploit this vulnerability to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address.

CVE-2021-38295 

Apache CouchDB could allow a remote attacker to gain elevated privileges on the system, caused by improper input validation. By persuading a victim to open specially-crafted content, an authenticated attacker could exploit this vulnerability to gain elevated privileges to add or remove data in any database or make configuration changes.

Impact

  • Security Bypass
  • Privilege Escalation

Affected Vendors

Apache

Affected Products

  • Apache Traffic Control 5.1.2
  • Apache CouchDB 3.0.0
  • Apache CouchDB 3.1.1

Remediation

Upgrade to the latest version of Apache Traffic Control, available from the Apache Web site.

http://couchdb.apache.org/