PT-2014-6433 · Safenet · Safenet Authentication Service (Sas) Outlook Web Access Agent

Publicado

2014-12-16

Atualizado

2014-12-17

CVE-2014-5359

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions SafeNet Authentication Service (SAS) Outlook Web Access Agent (formerly CRYPTOCard) versions prior to 1.03.30109

Description The issue allows remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the GetFile parameter to the "owa/owa" endpoint.

Recommendations For versions prior to 1.03.30109, update to version 1.03.30109 or later to resolve the issue. As a temporary workaround, consider restricting access to the GetFile parameter in the "owa/owa" endpoint until a patch is applied.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2014-5359

Produtos afetados

Safenet Authentication Service (Sas) Outlook Web Access Agent

PT-2014-6433 · Safenet · Safenet Authentication Service (Sas) Outlook Web Access Agent

CVE-2014-5359

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3