Martin Orem

D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate full NTLM autentication or SMB connection to attacker infrastructure and to conduct SSRF (Server Side Request Forgery) attacks. User interaction is required as potential victim needs to open a specially crafted URL.

**Name of the Vulnerable Software and Affected Versions** Slovensko.Digital Autogram (affected versions not specified) **Description** The application contains an Improper Restriction of XML External Entity Reference issue in the XMLUtils.java component. This allows a remote, unauthenticated attacker to perform Server Side Request Forgery (SSRF) attacks and gain unauthorized access to local files on the filesystem where the vulnerable application is running. Exploitation requires the victim to visit a specially crafted website that sends a request containing a specially crafted XML document to the `/sign` API endpoint of the local HTTP server run by the application. SSRF is a web security issue that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.