Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title EMC Document Sciences xPression contains multiple vulnerabilities
Informations
Name VU#346982 First vendor Publication 2013-12-02
Vendor VU-CERT Last vendor Modification 2013-12-02
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#346982

EMC Document Sciences xPression contains multiple vulnerabilities

Original Release date: 02 Dec 2013 | Last revised: 02 Dec 2013

Overview

EMC Document Sciences xPression 4.2 Patch 16 and possibly earlier versions contain path traversal, SQL injection, cross-site scripting (XSS), open redirect, and cross-site request forgery (CSRF) vulnerabilities.

Description

EMC Document Sciences xPression 4.2 Patch 16 and possibly earlier versions contain the following vulnerabilities in the xAdmin and xDashboard applications:

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - CVE-2013-6177

The xDashboard application allows unauthorized users to read arbitrary files from the file system using the model.logFileName parameter of the /xDashboard/html/jobhistory/jobLogDisplay.action file.

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - CVE-2013-6176

The xAdmin application has multiple parameters that are susceptible to SQL injection attacks from an unauthorized user.

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross Site Scripting') - CVE-2013-6175

The xAdmin application is vulnerable to a stored cross-site scripting attack through the marker_name parameter of the /xAdmin/html/op_xp_marker_gen.jsp file. Additionally, both the xAdmin and xDashboard applications are vulnerable to reflected cross-site scripting attacks through numerous parameters in each application.

CWE-601: URL Redirection to Untrusted Site ('Open Redirect') - CVE-2013-6174

The xAdmin application contains multiple files with a vulnerable redirectURL parameter.

CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2013-6173

The xAdmin and xDashboard applications do not implement a mechanism to prevent cross-site request forgery attacks on input forms. It was reported that Document Sciences xPression version 4.2 Patch 16 and possibly earlier versions are affected by this vulnerability. EMC has stated that this vulnerability exists in version 4.2 before Patch 26 and version 4.5 before Patch 05, but does not exist in versions 4.1.x.

The CVSS score reflects the path traversal vulnerability (CVE-2013-6177).

Impact

An attacker may be able to read files from the filesystem, read or modify data in the application database, execute arbitrary scripts in the context of a victim's browser, redirect users to other websites, and forge requests on behalf of the victim.

Solution

Apply an Update

The vendor has released an update to address these vulnerabilities. Affected users are advised to apply one of the following updates:

  • EMC Document Sciences xPression 4.1 SP1 Patch 47 and later
  • EMC Document Sciences xPression 4.2 Patch 26 and later
  • EMC Document Sciences xPression 4.5 Patch 05 and later

EMC has released a security advisory addressing these issues.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
EMC CorporationAffected12 Jul 201327 Nov 2013
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

GroupScoreVector
Base6.8AV:N/AC:L/Au:S/C:C/I:N/A:N
Temporal5.3E:POC/RL:OF/RC:C
Environmental1.3CDP:ND/TD:L/CR:ND/IR:ND/AR:ND

References

  • http://seclists.org/bugtraq/2013/Nov/att-94/ESA-2013-078.txt
  • http://www.emc.com

Credit

Credit goes to Verizon Enterprise Solutions - Threat and Vulnerability Management (GCIS)
For Discovery: Sertan Kolat and Omer Coskun
For Analysis and coordination: Thierry Zoller

This document was written by Todd Lewellen.

Other Information

  • CVE IDs:CVE-2013-6173CVE-2013-6174CVE-2013-6175CVE-2013-6176CVE-2013-6177
  • Date Public:20 Nov 2013
  • Date First Published:02 Dec 2013
  • Date Last Updated:02 Dec 2013
  • Document Revision:22

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/346982

CWE : Common Weakness Enumeration

% Id Name
20 % CWE-352 Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)
20 % CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25)
20 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
20 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)
20 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 9

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2013-12-14 17:18:00
  • Multiple Updates
2013-12-02 21:18:18
  • First insertion