Vulnerability Analysis
01.12.2022

Vulnerability Analysis: 2021 Volume 2 Vulnerability Report

The Virsec Security Research Lab, helmed by Virsec CTO Satya Gupta, provides timely, relevant analysis of prevalent security vulnerabilities. Each week, the Virsec team details the top vulnerabilities in open-source code and a few vulnerabilities in popular security controls, covering the affected versions, the vulnerability details, and how the Virsec Security Platform (VSP) can detect these vulnerabilities. This report includes:

1. CVE-2020-24639: AirWave Glass (Command Injection)
2. CVE-2020-35578: Nagios (Remote Code Execution Vulnerability)
3. CVE-2020-35687: PHP-Fusion (CSRF Attack)
4. CVE-2021-1711: Microsoft Office (Remote Code Execution Vulnerability)
5. CVE-2020-4838: IBM API Connect (Cross Path Scripting)
6. CVE-2020-29017: FortiDeceptor (Remote Code Execution Vulnerability) (Confused Deputy)