White Paper:

Virsec Security Research Lab Vulnerability Report – Volume 2, 2020

The Virsec Security Research Lab, helmed by Virsec CTO Satya Gupta, provides timely, relevant analysis of prevalent security vulnerabilities. Each week, the Virsec team details the top 5 vulnerabilities in open source code and a few vulnerabilities in popular security controls, covering the affected versions, the vulnerability details, and how the Virsec Security Platform (VSP) can detect these vulnerabilities. This report includes:

1. CVE-2020-2241: Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Database Plugin 1.6
2. CVE-2020-11984: Apache HTTP Server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
3. CVE-2019-0230: Apache Struts 2.0.0 to 2.5.20: possible RCE due to forced double OGNL evaluation
4. CVE-2020-4589: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 – RCE Vulnerability
5. CVE-2020-24621: OpenMRS remote code execution (RCE) vulnerability on htmlformentry (aka HTML Form Entry) module 10
