Loading...
Security Resources

Software Updates

TrustKeeper Scan Engine Update for March 04, 2021

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!


New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Atlassian Jira

  • Atlassian Jira Custom Fields Cross Site Scripting Vulnerability (CVE-2020-36234)
  • Atlassian Jira importers-plugin Cross-Site Request Forgery Vulnerability (CVE-2017-18033)
  • Atlassian Jira Metadata Insecure Direct Object References Vulnerability (CVE-2020-36231)
  • Atlassian Jira Mobile Site View Information Disclosure Vulnerability (CVE-2020-36235)
  • Atlassian Jira projects plugin report page Information Disclosure Vulnerability (CVE-2020-29451)
  • Atlassian Jira REST API Endpoint Information Disclosure Vulnerability (CVE-2020-36237)
  • Atlassian Jira ViewWorkflowSchemes.jspa and ListWorkflows.jspa Cross Site Scripting Vulnerability (CVE-2020-36236)

 

FreeBSD

  • FreeBSD jail_attach Priviledge Escalation Vulnerability (FreeBSD-SA-21:05.jail_chdir) (CVE-2020-25582)
  • FreeBSD jail_remove Race Condition (FreeBSD-SA-21:04.jail_remove) (CVE-2020-25581)
  • FreeBSD pam_login_access Login Bypass Vulnerability (FreeBSD-SA-21:03.pam_login_access.asc) (CVE-2020-25580)
  • FreeBSD Xen Grant Mapping Error Handling Issues (FreeBSD-SA-21:06.xen) (CVE-2021-26932)

OpenSSL

  • OpenSSL CipherUpdate Integer Overflow Vulnerability (CVE-2021-23840)
  • OpenSSL SSLv2 Incorrect Rollback Protection Vulnerability (CVE-2021-23839)
  • OpenSSL X509_issuer_and_serial_hash() NULL Pointer Dereference Vulnerability (CVE-2021-23841)

PHP

PostgreSQL

Red Hat (Credentialed Checks)

Ubuntu (Credentialed Checks)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.