Raritan · Commandcenter Secure Gateway · CVE-2018-20687
Name of the Vulnerable Software and Affected Versions:
Raritan CommandCenter Secure Gateway versions prior to 8.0.0
Description:
This vulnerability allows remote, unauthenticated attackers to read arbitrary files from the appliance or to conduct server-side request forgery (SSRF) attacks. It is triggered by sending a crafted DTD in an XML request, exploiting an XML external entity (XXE) flaw in the CommandCenterWebServices component.
Recommendations:
For versions prior to 8.0.0, update to version 8.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the CommandCenterWebServices to minimize the risk of exploitation.
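As an added, defender-side illustration (not Raritan code, and not tied to the CommandCenterWebServices implementation), the following shows the two controls that close this class of bug at a service boundary: a cheap pre-parse check that flags any DTD in an inbound XML body, and a parser configured so that a DOCTYPE aborts parsing and external entities are never resolved. The SOAP-like requests and the `file:///PLACEHOLDER_PATH` reference are constructed samples.

```python
import re
import xml.parsers.expat as expat

# Hypothetical gateway-side filter (assumption: not part of CC-SG).
DOCTYPE_RE = re.compile(rb"<!DOCTYPE", re.IGNORECASE)


class DtdRejected(ValueError):
    """Raised when an inbound XML document declares a DTD."""


def has_doctype(body: bytes) -> bool:
    """Pre-parse check usable as a proxy/WAF rule: a SOAP request to a
    web service has no legitimate reason to carry a DOCTYPE."""
    return DOCTYPE_RE.search(body) is not None


def parse_without_dtd(body: bytes) -> list:
    """Parse with expat configured to abort on any DOCTYPE and to never
    resolve parameter or external entities. Returns element names seen."""
    parser = expat.ParserCreate()
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DtdRejected(f"DTD not allowed (DOCTYPE {name})")

    parser.StartDoctypeDeclHandler = on_doctype
    # Returning 0 makes expat fail the parse instead of fetching the
    # referenced file or URL, which is the XXE file-read / SSRF primitive.
    parser.ExternalEntityRefHandler = lambda *args: 0

    seen = []
    parser.StartElementHandler = lambda name, attrs: seen.append(name)
    parser.Parse(body, True)
    return seen


def accept_request(body: bytes) -> bool:
    """Boundary gate: True only if the body parses with DTDs and entity
    resolution disabled; any DTD or entity reference is rejected."""
    try:
        parse_without_dtd(body)
        return True
    except (DtdRejected, expat.ExpatError):
        return False


# Constructed sample requests (not real CC-SG traffic).
BENIGN = (b'<?xml version="1.0"?><soap:Envelope '
          b'xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
          b'<soap:Body><getStatus/></soap:Body></soap:Envelope>')
XXE = (b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY ext SYSTEM '
       b'"file:///PLACEHOLDER_PATH">]><r>&ext;</r>')
```

`has_doctype` gives a log-friendly signal for detection on the request path, while `accept_request` is the hard stop the service itself should apply regardless of any upstream filter.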