CVE-2019-14277

Name of the Vulnerable Software and Affected Versions Axway SecureTransport versions 5.x through 5.3 Axway SecureTransport versions 5.x through 5.5 with certain API configuration

Description The issue concerns unauthenticated blind XML injection and XXE in the resetPassword functionality via the REST API. This can potentially lead to local file disclosure, Denial of Service (DoS), or URI invocation attacks, which may result in remote code execution.

Recommendations For Axway SecureTransport versions 5.x through 5.3, consider disabling the resetPassword functionality via the REST API until a patch is available. For Axway SecureTransport versions 5.x through 5.5 with certain API configuration, restrict the use of the REST API to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.