The Virsec Security Research Lab, helmed by Virsec CTO Satya Gupta, provides timely, relevant analysis of prevalent security vulnerabilities. Each week, the Virsec team covers the top vulnerabilities in open source code and a few vulnerabilities in popular security controls, describing the affected versions, the vulnerability details, and how the Virsec Security Platform (VSP) can detect them. This report includes:
1. CVE-2020-25476: Liferay CMS Portal (Blind persistent XSS)
2. CVE-2020-10658: Proofpoint Insider Threat Management Server (RCE)
3. CVE-2020-8287: Node.js (HTTP Request Smuggling)
4. CVE-2021-21234: Spring Boot Actuator Log view (Directory Traversal)
5. CVE-2020-4917: IBM Cloud Pak (CSRF/RCE)
6. CVE-2020-5146: Confused Deputy: SonicWall SMA100 (OS Command Injection)