PT-2017-13251 · Conserus · Conserus Image Repository

Published: 2017-12-15 · Updated: 2018-01-12

CVE-2017-14101

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Conserus Image Repository archive solution version 2.1.1.105

Description: A security issue was discovered in the Conserus Image Repository archive solution that allows an unauthenticated user to exploit an XML External Entity (XXE) vulnerability. By sending a modified HTTP SOAP request to the vulnerable service, an attacker can gain arbitrary file read access to the local file system. The same issue also allows the hashed credentials of the application's service account to be transmitted to a remote attacker.

Recommendations: For Conserus Image Repository archive solution version 2.1.1.105, consider restricting access to the vulnerable service until a patch is available. As a temporary workaround, avoid using the SOAP request functionality that allows the XXE vulnerability to be exploited. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XXE

Weakness Enumeration

Related identifiers

CVE-2017-14101

Affected products

Conserus Image Repository