TrustKeeper Scan Engine Update for May 20, 2022

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Adobe

• Adobe Magento checkout process Improper Input Validation Vulnerability (APSB22-12) (CVE-2022-24086, CVE-2022-24087)

Apache

• Apache Struts OGNL Remote Code Execution Vulnerability (CVE-2021-31805)

F5 BIG-IP

• F5 BIG-IP iControl REST Remote Code Execution (K23605346) (CVE-2022-1388)

Microsoft

• Microsoft Windows NTLM Security Feature Bypass Vulnerability (CVE-2019-1338)
• Microsoft Exchange Server May 2022 Security Updates Missing (CVE-2022-21978)
• Microsoft Windows May 2022 Security Updates Missing (CVE-2022-29132, CVE-2022-29142, CVE-2022-29139, CVE-2022-29137, CVE-2022-29141, CVE-2022-29140, CVE-2022-29138, CVE-2022-29131, CVE-2022-22019, CVE-2022-29129, CVE-2022-29135, CVE-2022-29134, CVE-2022-29130, CVE-2022-29128, CVE-2022-29127, CVE-2022-29126, CVE-2022-29125, CVE-2022-29123, CVE-2022-29122, CVE-2022-29121, CVE-2022-29120, CVE-2022-29115, CVE-2022-29114, CVE-2022-29113, CVE-2022-29112, CVE-2022-29105, CVE-2022-29106, CVE-2022-29104, CVE-2022-29103, CVE-2022-29102, CVE-2022-22016, CVE-2022-22015, CVE-2022-22014, CVE-2022-22013, CVE-2022-22012, CVE-2022-22011, CVE-2022-26939, CVE-2022-26938, CVE-2022-26937, CVE-2022-26936, CVE-2022-26935, CVE-2022-26934, CVE-2022-26933, CVE-2022-26932, CVE-2022-26930, CVE-2022-26927, CVE-2022-26926, CVE-2022-26925, CVE-2022-26913, CVE-2022-24466, CVE-2022-26931, CVE-2022-26923, CVE-2022-23279, CVE-2022-23270, CVE-2022-22713, CVE-2022-21972, CVE-2022-29151, CVE-2022-29150)
• Microsoft Exchange Server Elevation of Privilege Vulnerabilities (2022-May) (CVE-2022-21978)

MongoDB

• MongoDB pipeline Denial of Service Vulnerability (SERVER-58203 SERVER-59299 & SERVER-60218) (CVE-2021-32040)

Nginx

• Nginx TLS Improper Certificate Validation Vulnerability (CVE-2021-3618)

OpenSSL

• OpenSSL BN_mod_sqrt() Denial of Service Vulnerability (CVE-2022-0778)
• OpenSSL BN_mod_exp Broken Cryptography Vulnerability (CVE-2021-4160)
• OpenSSL c_rehash Command Injection Vulnerability (CVE-2022-1292)
• OpenSSL OPENSSL_LH_flush() Denial of Service Vulnerability (CVE-2022-1473)
• OpenSSL Prior to 3.0.3 Multiple Vulnerabilities (CVE-2022-1343, CVE-2022-1434)

Sendmail

• Sendmail TLS Improper Certificate Validation Vulnerability (CVE-2021-3618)

Ubuntu (Credentialed Checks)

• Ubuntu DBus vulnerability (USN-5244-2) (CVE-2020-35512)
• Ubuntu Cron vulnerabilities (USN-5259-2) (CVE-2017-9525, CVE-2019-9704, CVE-2019-9705, CVE-2019-9706)
• Ubuntu Twisted vulnerability (USN-5354-2) (CVE-2022-21716)
• Ubuntu networkd-dispatcher regression (USN-5395-2) (CVE-2022-29799, CVE-2022-29800)
• Ubuntu MySQL regression (USN-5400-3) (CVE-2022-21417, CVE-2022-21427, CVE-2022-21444, CVE-2022-21451, CVE-2022-21454, CVE-2022-21460)
• Ubuntu OpenSSL vulnerabilities (USN-5402-1) (CVE-2022-1292, CVE-2022-1343, CVE-2022-1434, CVE-2022-1473)
• Ubuntu SQLite vulnerability (USN-5403-1) (CVE-2021-36690)
• Ubuntu Rsyslog vulnerability (USN-5404-1) (CVE-2022-24903)

VMWare

• VMware Identity Manager Server-side Template Injection Remote Code Execution Vulnerability (CVE-2022-22954)

VSFTPD

• VSFTPD TLS Improper Certificate Validation Vulnerability (CVE-2021-3618)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.