SB2018061309 - Multiple vulnerabilities in SearchBlox

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) XXE attack (CVE-ID: CVE-2018-11586)

The vulnerability allows a remote attacker to conduct XXE attack on the target system.

The vulnerability exists due to XML external entity vulnerability in api/rest/status. A remote attacker can submit a specially crafted DTD in an XML request and read arbitrary files or conduct server-side request forgery (SSRF) attacks.

2) Cross-site request forgery (CVE-ID: CVE-2018-11538)

The vulnerability allows a remote attacker to perform CSRF attack.

The weakness exists in servlet/UserServlet due to insufficient validation of user-suppliedinput passed via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, bypass CSRF Token gain access to the system and perform arbitrary actions.

Remediation

Install update from vendor's website.

References

• https://gurelahmet.com/searchblox-8-6-7-out-of-band-xml-external-entity-oob-xxe-cve-2018-11586/
• https://gurelahmet.com/cve-2018-11538-csrf-privilege-escalation-creation-of-an-administrator-account-on-searchblox-8-6-6/