[CERT-daily] Daily summary - 16.04.2020

Daily end-of-shift report team at cert.at
Thu Apr 16 18:28:07 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 15-04-2020 18:00 − Thursday 16-04-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Police warn of fake e-mail from the Ministry of Health ∗∗∗
---------------------------------------------
The fake e-mail contains a trojan that encrypts the data on the computer and demands a ransom.
---------------------------------------------
https://futurezone.at/digital-life/polizei-warnt-vor-fake-mail-von-gesundheitsministerium/400814267


∗∗∗ Security updates: Root vulnerabilities endanger Cisco IP phones ∗∗∗
---------------------------------------------
Various products from the network equipment vendor Cisco are vulnerable. Several of the vulnerabilities are rated "critical".
---------------------------------------------
https://heise.de/-4703471



=====================
=  Vulnerabilities  =
=====================

∗∗∗ JSON:API - Critical - Unsupported - SA-CONTRIB-2020-010 ∗∗∗
---------------------------------------------
Project: JSON:API
Version: 8.x-1.26
Date: 2020-April-15
Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Unsupported
Description: This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities. The security team and module maintainers are marking this project unsupported. Both the 8.x-1.x and 8.x-2.x versions are unsupported, and users of either version are strongly encouraged to upgrade [...]
---------------------------------------------
https://www.drupal.org/sa-contrib-2020-010


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (git), Fedora (cacti, cacti-spine, chromium, golang-github-buger-jsonparser, kernel, kernel-headers, and kernel-tools), openSUSE (ansible, git, and mp3gain), Oracle (container-tools:ol8, nodejs:10, and virt:ol), Red Hat (chromium-browser, ipmitool, and thunderbird), Slackware (bind), SUSE (quartz), and Ubuntu (php5, php7.0, php7.2, php7.3).
---------------------------------------------
https://lwn.net/Articles/817649/


∗∗∗ CA API Developer Portal 4.2.x / 4.3.1 Access Bypass / Privilege Escalation ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2020040090


∗∗∗ Cisco IP Phones Web Application Buffer Overflow Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp


∗∗∗ Cisco Wireless LAN Controller 802.11 Generic Advertisement Service Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-gas-dos-8FsE3AWH


∗∗∗ Cisco Wireless LAN Controller CAPWAP Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-capwap-dos-Y2sD9uEw


∗∗∗ Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-Q7Rtgvby


∗∗∗ Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phones-rce-dos-rB6EeRXs


∗∗∗ Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E


∗∗∗ Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24


∗∗∗ Cisco IoT Field Network Director Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-coap-dos-WTBu6YTq


∗∗∗ Cisco Unified Communications Manager Path Traversal Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-taps-path-trav-pfsFO93r


∗∗∗ Cisco Aironet Series Access Points Client Packet Processing Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-dos-5ZLs6ESz


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor and IBM Spectrum Conductor with Spark ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-conductor-and-ibm-spectrum-conductor-with-spark/


∗∗∗ Security Bulletin: IBM MQ is vulnerable to a denial of service attack due to an error in the Channel processing function. (CVE-2019-4762) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a-denial-of-service-attack-due-to-an-error-in-the-channel-processing-function-cve-2019-4762/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-http-server-used-by-websphere-application-server/


∗∗∗ Security Bulletin: IBM InfoSphere Information Server may be vulnerable to attacks based on privilege escalation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-may-be-vulnerable-to-attacks-based-on-privilege-escalation/


∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Spectrum Protect for Enterprise Resource Planning on Windows (CVE-2019-4732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-ibm-spectrum-protect-for-enterprise-resource-planning-on-windows-cve-2019-4732/


∗∗∗ Security Bulletin: IBM MQ and IBM MQ Appliance could allow a local attacker to obtain sensitive information. (CVE-2020-4338) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-and-ibm-mq-appliance-could-allow-a-local-attacker-to-obtain-sensitive-information-cve-2020-4338/


∗∗∗ Security Bulletin: CVE-2020-4260 Secure properties can be revealed using a generic process ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-4260-secure-properties-can-be-revealed-using-a-generic-process/


∗∗∗ Security Bulletin: OpenSSL Vulnerability Affects IBM Sterling Connect:Express for UNIX (CVE-2019-1551) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerability-affects-ibm-sterling-connectexpress-for-unix-cve-2019-1551/


∗∗∗ Security Bulletin: IBM MQ is affected by a vulnerability within cURL libcurl (CVE-2019-15601) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-affected-by-a-vulnerability-within-curl-libcurl-cve-2019-15601/


∗∗∗ Security Bulletin: Multiple Apache CXF vulnerabilities identified in IBM Tivoli Application Dependency Discovery Manager. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-apache-cxf-vulnerabilities-identified-in-ibm-tivoli-application-dependency-discovery-manager/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



