The Virsec Security Research Lab, helmed by Virsec CTO Satya Gupta, provides timely, relevant analysis about prevalent security vulnerabilities. Each week, the Virsec team details the top vulnerabilities in open source code and a few vulnerabilities in popular security controls, covering the affected versions, the vulnerability details, and how the Virsec Security Platform (VSP) can detect these vulnerabilities. This report includes:
1. CVE-2020-4949: IBM WebSphere Application Server - XXE attack
2. CVE-2021-25646: Apache Druid - RCE
3. CVE-2020-29535: RSA Archer - Stored XSS
4. CVE-2021-3156: SUDO - Heap Overflow
5. CVE-2021-3115: Golang - CMDi and RCE
6. CVE-2020-4888: IBM QRadar SIEM - Java Deserialization RCE (Confused Deputy)