From 3da1de39a6cf1d9b43781e9443af591c6e6d74f5 Mon Sep 17 00:00:00 2001
From: Shreya <shreya.malviya@gmail.com>
Date: Thu, 25 Feb 2021 14:54:36 +0530
Subject: [PATCH] Add Zerologon (and Drupal) information to "Immediate Threats"

---
 .../components/report-components/SecurityReport.js   | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js b/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
index 8a27cc7cc..fdcc794f6 100644
--- a/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
@@ -38,7 +38,9 @@ class ReportPageComponent extends AuthComponent {
       HADOOP: 10,
       PTH_CRIT_SERVICES_ACCESS: 11,
       MSSQL: 12,
-      VSFTPD: 13
+      VSFTPD: 13,
+      DRUPAL: 14,
+      ZEROLOGON: 15
     };
 
   Warning =
@@ -296,6 +298,14 @@ class ReportPageComponent extends AuthComponent {
                       critical.</li> : null}
                   {this.state.report.overview.issues[this.Issue.MSSQL] ?
                     <li>MS-SQL servers are vulnerable to remote code execution via xp_cmdshell command.</li> : null}
+                  {this.state.report.overview.issues[this.Issue.DRUPAL] ?
+                    <li>Drupal servers are susceptible to a remote code execution vulnerability
+                      (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6340">
+                      CVE-2019-6340</a>).</li> : null}
+                  {this.state.report.overview.issues[this.Issue.ZEROLOGON] ?
+                    <li>Machines are vulnerable to 'Zerologon'
+                      (<a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472">
+                      CVE-2020-1472</a>).</li> : null}
                 </ul>
               </div>
               :