Multiple Vulnerabilities on HashiCorp Consul

Overview :
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 Information Disclosure and DDoS Vulnerabilities
Affected Product(s) :

This vulnerability affects the following version of HashCorp Consul

  • HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2
Vulnerability Details :
CVE ID : CVE-2020-7955 CVE-2020-7219
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure.

HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service

Solution :

Fixed in 1.6.3.

 

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-42457 : GENEREX CS141 PRIOR 2.08 WEB INTERFACE GXSERVE-UPDATE.SH RUN_UPDATE PRIVILEGE ESCALATION

CVE-2022-42457 : GENEREX CS141 PRIOR 2.08 WEB INTERFACE GXSERVE-UPDATE.SH RUN_UPDATE PRIVILEGE ESCALATION

Description Generex CS141 before 2.08 allows remote command execution by administrators via a web interface that reaches run_update in /usr/bin/gxserve-update.sh

CVE-2022-36961 : SOLARWINDS ORION PLATFORM VERB SQL INJECTION

CVE-2022-36961 : SOLARWINDS ORION PLATFORM VERB SQL INJECTION

Description A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege

CVE-2022-42302 : VERITAS NETBACKUP UP TO 10.0 NBFSMCLIENT SERVICE SQL INJECTION

CVE-2022-42302 : VERITAS NETBACKUP UP TO 10.0 NBFSMCLIENT SERVICE SQL INJECTION

Description An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable