奇安信 CERT 2019年12月安全监测报告

奇安信 CERT 奇安信 CERT 12月安全监测报告2019 2019年12月安全监测报告 1 目录 一、统计信息 ................................................. 1 （一）重点漏洞处置详情 .......................................................................................................................... 1 （二）漏洞危害等级占比 .......................................................................................................................... 5 （三）漏洞类型分类统计 .......................................................................................................................... 6 二、漏洞详情 ................................................. 7 （一）安全风险通告 ................................................................................................................................. 7 （二）漏洞户口 ...................................................................................................................................... 10 三、漏洞追踪 ................................................ 11 （一）月度总热度TOP10漏洞 ................................................................................................................. 11 （二）月度总热度TOP10漏洞变化趋势 ................................................................................................... 12 （三）热度增长速度最快的TOP10漏洞 ................................................................................................... 14 （四）Web漏洞被攻击者利用情况 ........................................................................................................... 15 附录 ....................................................... 18 通达OA SQL注入漏洞 ............................................................................................................................. 18 通达OA SQL注入漏洞 ............................................................................................................................. 18 IBM Cloud Pak System 文件上传漏洞 ..................................................................................................... 19 Harbor SQL注入漏洞 .............................................................................................................................. 19 Harbor SQL注入漏洞 .............................................................................................................................. 20 Harbor 缺少CSRF保护漏洞 ..................................................................................................................... 21 Harbor 用户枚举漏洞 ............................................................................................................................. 21 Harbor 特权提升漏洞 ............................................................................................................................. 22 PostgreSQL特权提升漏洞 ....................................................................................................................... 22 GoAhead Web Server 远程代码执行漏洞 ................................................................................................. 23 git submodule update功能命令执行漏洞 .............................................................................................. 24 Win32k 特权提升漏洞 ............................................................................................................................. 25 Win32k Graphics 远程代码执行漏洞 ...................................................................................................... 26 Windows Hyper-V 远程代码执行漏洞 ...................................................................................................... 27 Smartbi 任意文件上传漏洞 ..................................................................................................................... 28 2019年12月安全监测报告 2 Smartbi 任意文件读取漏洞 ..................................................................................................................... 28 Smartbi SQL注入漏洞............................................................................................................................. 29 Control Web Panel 泄露 phpmyadmin 密码漏洞 ..................................................................................... 29 Jenkins Maven Release插件XXE漏洞 .................................................................................................... 30 Microsoft SharePoint Server信息泄露漏洞 ......................................................................................... 31 Apache Tomcat 会话固定漏洞 ................................................................................................................. 31 Apache Tomcat 本地特权升级漏洞 .......................................................................................................... 32 Elastic Elasticsearch 命令执行漏洞 ................................................................................................. 32 Citrix ADC和Citrix Gateway远程代码执行漏洞 .......................................