PT-2019-18591 · Ericsson · Ericsson Active Library Explorer

Published: 2019-03-17 · Updated: 2019-03-25 · CVE-2019-7417

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Ericsson Active Library Explorer (ALEX) version 14.3

Description: A cross-site scripting (XSS) issue is present in multiple parameters of the "/cgi-bin/alexserv" servlet. The affected parameters are DB, FN, fn, and id.

Recommendations: For Ericsson Active Library Explorer (ALEX) version 14.3, consider restricting access to the vulnerable servlet "/cgi-bin/alexserv" to minimize the risk of exploitation. Avoid using the parameters DB, FN, fn, and id in the affected API endpoint until the issue is resolved.

Tags: XSS


Weakness Enumeration

Related Identifiers: CVE-2019-7417

Affected Products: Ericsson Active Library Explorer