Raritan CommandCenter Secure Gateway XML Injection

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019110105

Below is a copy:

I. VULNERABILITY
-------------------------
Raritan CommandCenter Secure Gateway XML External Entity

II. CVE REFERENCE
-------------------------
CVE-2018-20687

III. VENDOR
-------------------------
https://www.raritan.com/support/product/commandcenter-secure-gateway

IV. TIMELINE
------------------------
04/01/2019 Vulnerability discovered
07/01/2019 Vendor contacted

V. CREDIT
-------------------------
Okan Coşkun from Biznet Bilisim A.S.
Faruk Ünal from Biznet Bilisim A.S.

VI. DESCRIPTION
-------------------------
Raritan CommandCenter Secure Gateway versions prior to 8.0.0 are
affected by an XML External Entity (XXE) vulnerability. A remote
unauthenticated attacker can use it to cause disclosure of
confidential data, denial of service, server-side request forgery,
port scanning from the perspective of the machine where the parser is
located, and other system impacts.

Vulnerable path: /CommandCenterWebServices/.*

VII. SOLUTION
-------------------------
Update CommandCenter Secure Gateway to a current release.
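
Until the update is applied, a filter placed in front of the vulnerable path can refuse XML bodies that declare a DTD. The sketch below is an added example, not part of the original advisory or of Raritan's code; the function names, the placeholder endpoint and the sample bodies are constructed, and it assumes legitimate clients never send a DOCTYPE.

```python
import re
from xml.parsers import expat

# Path pattern taken from the advisory's "Vulnerable path" line.
VULNERABLE_PATH = re.compile(r"^/CommandCenterWebServices/.*")


class DtdForbidden(ValueError):
    """Raised from expat callbacks when the document declares a DTD."""


def _refuse(*_args):
    raise DtdForbidden("DOCTYPE or entity declaration present")


def body_is_dtd_free(body: bytes) -> bool:
    """Tokenise with expat (no entity resolution) and fail on any DTD.

    Parsing instead of grepping for "<!DOCTYPE" also covers bodies sent
    in UTF-16 or with unusual whitespace, which a byte-level match misses.
    """
    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _refuse
    parser.EntityDeclHandler = _refuse
    try:
        parser.Parse(body, True)
    except (DtdForbidden, expat.ExpatError):
        return False  # malformed XML is refused as well (fail closed)
    return True


def decide(path: str, body: bytes) -> str:
    """Return "forward" or "block" for one request (hypothetical filter hook)."""
    if not VULNERABLE_PATH.match(path) or not body:
        return "forward"
    return "forward" if body_is_dtd_free(body) else "block"


# Constructed sample input; the endpoint name is a placeholder.
ENDPOINT = "/CommandCenterWebServices/PLACEHOLDER"
BENIGN = b"<request><id>1</id></request>"
WITH_DTD = '<!DOCTYPE r [<!ENTITY e SYSTEM "file:///placeholder">]><r>&e;</r>'

if __name__ == "__main__":
    for body in (BENIGN, WITH_DTD.encode(), WITH_DTD.encode("utf-16")):
        print(decide(ENDPOINT, body))
```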

VIII. REFERENCES
-------------------------

You can find more information about XXE from the link below:
https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing

