Multiple vulnerabilities in SearchBlox

Published: 2018-06-13 13:58:59 | Updated: 2018-06-13 14:40:56
Severity Low
Patch available YES
Number of vulnerabilities 2
CVE ID CVE-2018-11586
CVE-2018-11538
CVSSv3 6.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C]
6.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CWE ID CWE-611
CWE-352
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software SearchBlox
Vulnerable software versions SearchBlox 8.6.7
SearchBlox 8.6.6
Vendor URL SearchBlox

Security Advisory

1) XXE attack

Description

The vulnerability allows a remote attacker to conduct an XXE attack on the target system.

The vulnerability exists due to an XML external entity vulnerability in api/rest/status. A remote attacker can submit a specially crafted DTD in an XML request and read arbitrary files or conduct server-side request forgery (SSRF) attacks.
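The class of flaw described above is closed at the parser: an endpoint that never needs a DTD can refuse any DOCTYPE before an entity is resolved. The following is an added illustration in Java (the product is servlet-based), not code from SearchBlox or the advisory; the class name, the sample request bodies and the placeholder DTD host are constructed for the example.

```java
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import java.io.IOException;
import java.io.StringReader;

public class HardenedXmlParser {

    // Builds a DocumentBuilder that rejects any DOCTYPE, so a request carrying
    // an inline or external DTD fails before any entity could be resolved
    // (no local file read, no outbound fetch).
    static DocumentBuilder newBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth for parsers that ignore the feature above.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    // Returns true when the body parsed cleanly, false when the parser rejected it.
    static boolean accepts(String body) {
        try {
            Document doc = newBuilder().parse(new InputSource(new StringReader(body)));
            return doc.getDocumentElement() != null;
        } catch (SAXException | IOException | ParserConfigurationException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample request bodies (hypothetical, not taken from the advisory).
        String benign = "<status><index>docs</index></status>";
        String withDtd = "<!DOCTYPE status SYSTEM \"http://dtd-host.example/placeholder.dtd\">"
                       + "<status><index>docs</index></status>";
        System.out.println("plain body accepted: " + accepts(benign));
        System.out.println("DTD-bearing body accepted: " + accepts(withDtd));
    }
}
```

The rejected request surfaces as a SAXParseException at the DOCTYPE, which is the event worth logging on the endpoint.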

Remediation

Install update from vendor's website.

External links

https://gurelahmet.com/searchblox-8-6-7-out-of-band-xml-external-entity-oob-xxe-cve-2018-11586/

2) Cross-site request forgery

Description

The vulnerability allows a remote attacker to perform a CSRF attack.

The weakness exists in servlet/UserServlet due to insufficient validation of user-supplied input passed via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, bypass the CSRF token, gain access to the system and perform arbitrary actions.

Remediation

Install update from vendor's website.

External links

https://gurelahmet.com/cve-2018-11538-csrf-privilege-escalation-creation-of-an-administrator-account-on-searchblox-8-6-6/
