PT-2019-18591 · Ericsson · Ericsson Active Library Explorer

Published: 2019-03-17 · Updated: 2019-03-25 · CVE-2019-7417

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Ericsson Active Library Explorer (ALEX) version 14.3

Description

A cross-site scripting (XSS) issue is present in multiple parameters of the "/cgi-bin/alexserv" servlet. The affected parameters include DB, FN, fn, and id.

Recommendations

For Ericsson Active Library Explorer (ALEX) version 14.3, consider restricting access to the vulnerable servlet "/cgi-bin/alexserv" to minimize the risk of exploitation. Avoid using the parameters DB, FN, fn, and id in the affected API endpoint until the issue is resolved.
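
To see whether the servlet is already receiving suspicious input while access restrictions are being put in place, the following added example (not part of the original advisory and not Ericsson code) scans web-server access logs for requests to "/cgi-bin/alexserv" whose DB, FN, fn or id values carry HTML markup characters. The combined-log-style format, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

SERVLET = "/cgi-bin/alexserv"
PARAMS = {"DB", "FN", "fn", "id"}   # parameters named in the advisory (case-sensitive)
MARKUP = re.compile(r"[<>\"'`]")    # characters used to leave an HTML text or attribute context
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # assumed log format

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding (e.g. %253C) up to a fixed depth."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_alexserv_requests(log_lines):
    """Return (line number, parameter, decoded value) for each suspicious hit."""
    findings = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path != SERVLET:
            continue
        # parse_qsl decodes once; decode_fully catches double-encoded values.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            value = decode_fully(value)
            if name in PARAMS and MARKUP.search(value):
                findings.append((lineno, name, value))
    return findings

# Constructed sample log lines (documentation IP range, made-up parameter values).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Mar/2019:10:00:01 +0000] "GET /cgi-bin/alexserv?DB=lib1&FN=doc1.html HTTP/1.1" 200 5120',
    '192.0.2.44 - - [17/Mar/2019:10:02:13 +0000] "GET /cgi-bin/alexserv?DB=lib1&fn=%3Ci%3Ex%3C%2Fi%3E HTTP/1.1" 200 731',
    '192.0.2.44 - - [17/Mar/2019:10:02:20 +0000] "GET /cgi-bin/alexserv?id=%2522%253Ex HTTP/1.1" 200 702',
    '192.0.2.10 - - [17/Mar/2019:10:03:00 +0000] "GET /index.html?id=%3Cb%3E HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for hit in flag_alexserv_requests(SAMPLE_LOG):
        print(hit)
```

Only query-string parameters are inspected; values sent in a POST body do not appear in access logs and need inspection at a reverse proxy or WAF instead.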

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2019-7417

Affected Products

Ericsson Active Library Explorer