Multiple vulnerabilities in ClipSoft REXPERT
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2019-17325 CVE-2019-17324 CVE-2019-17323 CVE-2019-17322 CVE-2019-17321 CVE-2019-17326 |
| CWE-ID | CWE-434 CWE-22 CWE-91 CWE-284 CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
REXPERT Server applications / Other server solutions |
| Vendor | ClipSoft |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Arbitrary file upload
EUVDB-ID: #VU22448
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-17325
CWE-ID:
CWE-434 - Unrestricted Upload of File with Dangerous Type
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to insufficient validation of file uploads in the "ActiveX" method in "RexViewerCtrl30.ocx". A remote attacker can upload arbitrary file and access sensitive information on the target system.
Note: To exploit this vulnerability the target must visit a malicious web page.
MitigationInstall updates from vendor's website.
Vulnerable software versionsREXPERT: 1.0.0.527
External linkshttp://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35184
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Path traversal
EUVDB-ID: #VU22447
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-17324
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP POST request with ../ characters and create malicious HTML file, because they can inject a content with crafted template.
Note: To exploit this vulnerability the target must visit a malicious web page.
Mitigation
Install updates from vendor's website.
Vulnerable software versionsREXPERT: 1.0.0.527
External linkshttp://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35184
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) XML injection
EUVDB-ID: #VU22446
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-17323
CWE-ID:
CWE-91 - XML Injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to the affected software does not properly handle user-supplied XML files in the "report print" function of rexpert viewer. A remote unauthenticated attacker can trick a victim to open a specially crafted XML file that submits malicious input to the targeted system and execute arbitrary files on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Install updates from vendor's website.
Vulnerable software versionsREXPERT: 1.0.0.527
External linkshttp://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35184
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper access control
EUVDB-ID: #VU22445
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-17322
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can create arbitrary files via a POST request with the parameter set to the file path to be written.
Note: To exploit this vulnerability the target must visit a malicious web page.
Mitigation
Install updates from vendor's website.
Vulnerable software versionsREXPERT: 1.0.0.527
External linkshttp://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35184
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Information disclosure
EUVDB-ID: #VU22444
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-17321
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to improper input validation. A remote attacker can gain unauthorized access to sensitive information on the system when requesting web page associated with session, such as username via session file path of HTTP response data.
MitigationInstall updates from vendor's website.
Vulnerable software versionsREXPERT: 1.0.0.527
External linkshttp://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35184
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper access control
EUVDB-ID: #VU22443
Risk: Medium
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-17326
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can issue a HTTP GET request with a specially crafted parameter, bypass implemented security restrictions and delete files on the target system.
Note: To exploit this vulnerability the target must visit a malicious web page.
MitigationInstall updates from vendor's website.
Vulnerable software versionsREXPERT: 1.0.0.527
External linkshttp://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35184
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
