Loading...
Security Resources

Software Updates

TrustKeeper Scan Engine Update for March 20, 2020

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!


New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Atlassian

  • Atlassian Jira Comment Permissions Access Control (CVE-2019-20106)
  • Atlassian Jira Importers Plugin Information Disclosure Vulnerability (CVE-2019-20403)
  • Atlassian Jira JMX monitoring flag Cross-site request forgery (CVE-2019-20405)
  • Atlassian Jira on Windows DLL hijacking (CVE-2019-20400)
  • Atlassian Jira RESTAPI Improper authorization (CVE-2019-20404)
  • Atlassian Jira Setup Resources Cross-site request forgery (CVE-2019-20401)
  • Atlassian Jira Support Files Improper Authorization (CVE-2019-20402)
  • Atlassian Jira VerifyPopServerConnection!add.jspa Cross-Site Request Forgery Vulnerability (CVE-2019-20099)
  • Atlassian Jira VerifySmtpServerConnection!add.jspa Cross-SiteRequest Forgery Vulnerability (CVE-2019-20098)

Cisco

  • Cisco ASA AnyConnect VPN Broken Authentication Vulnerability (CSCtq58884) (CVE-2011-2054)

ClamAV

Joomla

  • Joomla Core com_templates Image Actions Cross Site Request Forgery (20200301) (CVE-2020-10241)
  • Joomla Core com_users Identifier Collisions (20200304) (CVE-2020-10240)
  • Joomla Core Protostar and Beez3 Cross-Site Scripting (20200302) (CVE-2020-10242)

Microsoft

MySQL

PHP

  • PHP buildFromIterator() Insecure File Permissions Vulnerability (CVE-2020-7063)
  • PHP phar_extract_file Out-of-Bounds Read Vulnerability (CVE-2020-7061)
  • PHP Session Upload Progress Null Pointer Dereference (CVE-2020-7062)

PostgreSQL

ProFTPD

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.