Emergency Response

Microsoft’s Security Patches for June 2020 Fix 130 Security Vulnerabilities

June 26, 2020 | Mina Hao

Overview   Microsoft released the June 2020 security patches on Tuesday that fix 130 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including Adobe Flash Player, Android App, Apps, Azure DevOps, Diagnostics Hub, HoloLens, Internet Explorer, Microsoft Browsers, Microsoft Edge, Microsoft Edge (Chromium-based) in IE Mode, Microsoft Graphics Component, Microsoft JET […]

Adobe Security Bulletins for June 2020 Security Updates

June 23, 2020 | Mina Hao

Overview On June 10, 2020, local time, Adobe officially released June’s security updates to fix multiple vulnerabilities in its various products, including Adobe FrameMaker, Adobe Experience Manager, and Adobe Flash Player. For details about the security bulletins and advisories, visit the following link:

Yongyou NC Remote Command Execution Vulnerability Threat Alert

June 22, 2020 | Mina Hao

Overview Recently, a domestic security organization released a security advisory to announce a remote code execution vulnerability in Yongyou NC. An attacker could exploit this vulnerability to trigger a deserialization vulnerability via a crafted HTTP request, causing remote code execution on a target server. Yongyou NC is a piece of enterprise-ready management software that is […]

WebSphere Remote Code Execution Vulnerability (CVE-2020-4450) Threat Alert

June 19, 2020 | Mina Hao

Vulnerability Description On June 5, Beijing time, IBM released a security advisory to announce the fix of a remote code execution vulnerability (CVE-2020-4450) in WebSphere Application Server (WAS). This vulnerability is caused by deserialization of the IIOP protocol. An unauthenticated attacker could target the WAS server remotely via the IIOP protocol, causing arbitrary code execution […]

Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796) Technical Analysis and Solution

June 15, 2020 | Mina Hao

Overview On March 11, Beijing time, Microsoft released March 2020 updates to fix vulnerabilities among which is a remote code execution vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3) indicated in a security bulletin released earlier. This vulnerability exists in the way the Microsoft SMBv3 protocol handles certain requests. An attacker could exploit this vulnerability […]

Apache Kylin Remote Code Execution Vulnerability (CVE-2020-1956) Threat Alert

June 9, 2020 | Mina Hao

Vulnerability Description Recently, Apache released a security advisory to announce the fix of a remote code execution vulnerability (CVE-2020-1956) in Apache Kylin. Apache Kylin has some RESTful APIs that will associate OS commands with user-typed strings. As Apache Kylin fails to properly verify user inputs, an attacker could execute arbitrary system commands without authorization. Currently, […]

Fastjson 1.2.68 and Earlier Remote Code Execution Vulnerability Threat Alert

June 8, 2020 | Mina Hao

Vulnerability Description On May 28, Fastjson 1.2.68 and before were reported to contain a remote code execution vulnerability that bypasses the autoType switch to implement deserialization of classes that contain security risks. Attackers could exploit this vulnerability to execute arbitrary code on the target machine.

Apache Tomcat Session Deserialization Code Execution Vulnerability (CVE-2020-9484) Threat Alert

June 5, 2020 | Mina Hao

Overview Recently, Apache Tomcat released a security advisory, announcing the fix of a remote code execution vulnerability (CVE-2020-9484) due to persistent session. An attacker can exploit this vulnerability only when the following conditions are met: The attacker can take control of the contents and name of a file on the server. The server is configured […]

Cisco Unified Contact Center Express (Unified CCX) Deserialization Code Execution Vulnerability (CVE-2020-3280) Threat Alert

June 2, 2020 | Mina Hao

Overview Recently, Cisco officially released a security advisory, announcing the fix of a high-risk vulnerability (CVE-2020-3280) in Unified Contact Center Express (Unified CCX). The vulnerability stems from the fact that during the deserialization operation of the software, the input provided by the user is not sufficiently restricted. The attacker can send a malicious Java object […]

WellinTech KingView Multiple Vulnerabilities Threat Alert

June 1, 2020 | Mina Hao

Overview Some versions of WellinTech KingView are prone to multiple vulnerabilities, including the real-time database access authorization bypass vulnerability and denial-of-service vulnerability existing in the web data transmission service. Vulnerability details are as follows: 1. KingView real-time database access authorization bypass vulnerability (CNVD-C-2020-87074) 2. KingView denial-of-service vulnerability existing in the web data transmission service (CNVD-C-2020-92339) […]