July 2018 – NSFOCUS Threat Intelligence Portal

Weblogic Remote Code Execution Vulnerability

On July 31, 2018 By adeline

Oracle Critical Patch Update (CPU) Advisory was released on July 17. In this advisory, Oracle addressed a Weblogic deserialization problem (CVE-2018-2628) that disclosed in April but not completely fixed. The new CVE ID for the Weblogic vulnerability this time is CVE-2018-2893. Basic Scores (CVSS Version 3.0 Risk)：9.8 You can […]

Cisco Policy Suite Cluster Manager Default Password Vulnerability

On July 31, 2018August 3, 2018 By adeline

Cisco released an advisory on July 18 to alert users about a critical vulnerability (CVE-2018-0375) in its Cluster Manager of Cisco Policy Suite. This vulnerability could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials. The vulnerability […]

MODX Revolution Remote Code Execution Vulnerability

On July 20, 2018 By adeline

Recently MODX announced two critical vulnerabilities (CVE-2018-1000207) in MODX Revolution 2.6.4 and earlier versions. A remote attacker could use the vulnerabilities to execute arbitrary code and further to control the website or delete files. Reference: https://forums.modx.com/thread/104040/revolution-2-6-4-and-prior-two-cricital-vulnerabilities-upgrade-mandatory-patch#dis-post-559515 Affected Versions MODX Revolution <= 2.6.4 Unaffected Versions  Modx Revolution >= 2.6.5 Solution Users are […]

NSFOCUS Weekly Cybersecurity Report （ID: 201827）

On July 18, 2018 By adeline

(Report ID: 201827) Internet Threat Status CVE Statistics The number of new CVE IDs increased considerably last week. Threat Review XXE in WeChat Pay Sdk|WeChat leave a backdoor on merchant websites （07-01-2018） A payment security researcher found an XXE vulnerability in the JAVA version SDK. The attacker can build […]

XXE Vulnerability in WeChat Payment

On July 9, 2018August 3, 2018 By adeline

The website Seclists.Org disclosed a vulnerability in WeChat Pay on 3 July 2018. It was found by a payment security researcher, who described that WeChat unintentionally provides an xxe vulnerability in the JAVA version SDK when merchants provide a notification URL to accept asynchronous payment results. The attacker can build […]

NSFOCUS Weekly Cybersecurity Report （ID: 201826）

On July 3, 2018 By adeline

Internet Threat Status CVE Statistics The number of new CVE IDs in last week was 193, a decrease compared with the previous week. Threat Review WPA3 Standard Officially Launches With New Wi-Fi Security Features （06-25-2018） The Wi-Fi Alliance today officially launched WPA3—the next-generation Wi-Fi security standard that promises […]