6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
73.6%
EMC Document Sciences xPression 4.2 Patch 16 and possibly earlier versions contain path traversal, SQL injection, cross-site scripting (XSS), open redirect, and cross-site request forgery (CSRF) vulnerabilities.
EMC Document Sciences xPression 4.2 Patch 16 and possibly earlier versions contain the following vulnerabilities in the xAdmin and xDashboard applications:
CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) - CVE-2013-6177
The xDashboard application allows unauthorized users to read arbitrary files from the file system using the model.logFileName parameter of the /xDashboard/html/jobhistory/jobLogDisplay.action file.
CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) - CVE-2013-6176
The xAdmin application has multiple parameters that are susceptible to SQL injection attacks from an unauthorized user.
CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross Site Scripting’) - CVE-2013-6175
The xAdmin application is vulnerable to a stored cross-site scripting attack through the marker_name parameter of the /xAdmin/html/op_xp_marker_gen.jsp file. Additionally, both the xAdmin and xDashboard applications are vulnerable to reflected cross-site scripting attacks through numerous parameters in each application.
CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’) - CVE-2013-6174
The xAdmin application contains multiple files with a vulnerable redirectURL parameter.
CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2013-6173
The xAdmin and xDashboard applications do not implement a mechanism to prevent cross-site request forgery attacks on input forms. It was reported that Document Sciences xPression version 4.2 Patch 16 and possibly earlier versions are affected by this vulnerability. EMC has stated that this vulnerability exists in version 4.2 before Patch 26 and version 4.5 before Patch 05, but does not exist in versions 4.1.x.
The CVSS score reflects the path traversal vulnerability (CVE-2013-6177).
An attacker may be able to read files from the filesystem, read or modify data in the application database, execute arbitrary scripts in the context of a victim’s browser, redirect users to other websites, and forge requests on behalf of the victim.
Apply an Update
The vendor has released an update to address these vulnerabilities. Affected users are advised to apply one of the following updates:
* EMC Document Sciences xPression 4.1 SP1 Patch 47 and later
* EMC Document Sciences xPression 4.2 Patch 26 and later
* EMC Document Sciences xPression 4.5 Patch 05 and later
346982
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: July 12, 2013 Updated: November 27, 2013
Affected
The vendor has issued a security advisory.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 6.8 | AV:N/AC:L/Au:S/C:C/I:N/A:N |
Temporal | 5.3 | E:POC/RL:OF/RC:C |
Environmental | 1.3 | CDP:ND/TD:L/CR:ND/IR:ND/AR:ND |
Credit goes to Verizon Enterprise Solutions - Threat and Vulnerability Management (GCIS) For Discovery: Sertan Kolat and Omer CoskunFor Analysis and coordination: Thierry Zoller
This document was written by Todd Lewellen.
CVE IDs: | CVE-2013-6173, CVE-2013-6174, CVE-2013-6175, CVE-2013-6176, CVE-2013-6177 |
---|---|
Date Public: | 2013-11-20 Date First Published: |