PT-2017-14512 · Remobjects · Remobjects Remoting Sdk For Delphi
Credit: Vishal Mishra, +1
Published: 2017-11-08 · Updated: 2017-11-27
CVE-2017-16665
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
RemObjects Remoting SDK for Delphi, version 9 1.0.0.0
Description
The affected endpoint is vulnerable to reflected cross-site scripting (XSS). A crafted value in the service parameter of a request to the "/soap" URI triggers a failed attempt to generate WSDL for the named service, and the supplied value is echoed back in the response without proper output encoding. An attacker who gets a victim to open such a link can therefore run script in the victim's browser in the context of the vulnerable site (CVSS vector: network, no privileges, user interaction required, changed scope, low confidentiality and integrity impact).
Recommendations
For version 9 1.0.0.0, restrict access to the "/soap" URI to reduce exposure. As a temporary workaround, avoid using the service parameter on the affected endpoint until the issue is resolved.
Fix
Weakness Enumeration
XSS (reflected cross-site scripting)
Related Identifiers
CVE-2017-16665
Affected Products
RemObjects Remoting SDK for Delphi
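The check below is an added example, not code from the advisory or from RemObjects. It shows how a tester would confirm the reflection described above without a real payload: request "/soap" with a random marker containing HTML-significant characters in the service parameter, then classify whether the marker comes back verbatim (exploitable), entity-encoded (safe), or not at all. The two server-side "error page" functions are constructed stand-ins for a WSDL-generation failure, used only so the script runs offline; the real SDK's error format, the example host "127.0.0.1:8099" and all function names are assumptions.

```python
"""Reflected-XSS probe for a WSDL-generating endpoint (/soap?service=...).

Added example; the error-page templates are constructed stand-ins and do not
reproduce RemObjects' actual output.
"""
import html
import secrets
import urllib.parse
import urllib.request


def build_probe_url(base_url: str, marker: str) -> str:
    # Ask /soap for WSDL of a service name that cannot exist, so the error
    # path (where the name is echoed) is the one exercised.
    query = urllib.parse.urlencode({"service": marker})
    return f"{base_url.rstrip('/')}/soap?{query}"


def make_marker() -> str:
    # Harmless marker carrying '<', '>' and '"'; the random tail avoids false
    # positives from cached or unrelated page content.
    return f'<xss{secrets.token_hex(4)}>"'


def classify_reflection(body: str, marker: str) -> str:
    """'unescaped' if the marker appears verbatim (exploitable context),
    'escaped' if only its entity-encoded form appears, 'none' otherwise."""
    if marker in body:
        return "unescaped"
    if html.escape(marker, quote=True) in body:
        return "escaped"
    return "none"


# --- constructed server-side stand-ins (assumption, not the real SDK) -------
def vulnerable_wsdl_error(service: str) -> str:
    # Echoes the untrusted service name straight into an HTML error page.
    return f"<html><body>Cannot generate WSDL for service '{service}'</body></html>"


def hardened_wsdl_error(service: str) -> str:
    # Same message, but the untrusted value is entity-encoded before output.
    safe = html.escape(service, quote=True)
    return f"<html><body>Cannot generate WSDL for service '{safe}'</body></html>"


def fetch(url: str) -> str:
    # Live fetcher, for use only against an instance you are authorized to test.
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")


def probe(base_url: str, fetcher=fetch) -> str:
    # One request, one classification; inject a fetcher to run offline.
    marker = make_marker()
    return classify_reflection(fetcher(build_probe_url(base_url, marker)), marker)


def simulate(handler):
    # Offline fetcher: pull the service parameter back out of the URL and
    # hand it to the chosen stand-in handler.
    def fake_fetch(url: str) -> str:
        qs = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
        return handler(qs.get("service", [""])[0])
    return fake_fetch


if __name__ == "__main__":
    base = "http://127.0.0.1:8099"  # assumed test host
    print("vulnerable handler:", probe(base, simulate(vulnerable_wsdl_error)))
    print("hardened handler:  ", probe(base, simulate(hardened_wsdl_error)))
```

A result of "unescaped" means the service value lands in the HTML body unencoded, which is the condition the advisory describes; "escaped" is what a proper fix (entity-encoding the reflected value, as in hardened_wsdl_error) should produce. Restricting access to "/soap", the page's interim recommendation, does not change the classification but removes the attacker's ability to reach the endpoint.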