Lucene search

[email protected]CVE-2019-14277

HistoryJul 26, 2019 - 4:15 a.m.

CVE-2019-14277

2019-07-2604:15:11

CWE-91

[email protected]

web.nvd.nist.gov

278

cve-2019-14277

information security

axway securetransport

blind xml injection

rest api

xxe

dos

ssrf

remote code execution

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.089

Percentile

94.6%

JSON

Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to unauthenticated blind XML injection (and XXE) in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI invocation attacks (i.e., SSRF with resultant remote code execution). NOTE: The vendor disputes this issues as not being a vulnerability because “All attacks that use external entities are blocked (no external DTD or file inclusions, no SSRF). The impact on confidentiality, integrity and availability is not proved on any version.

Affected configurations

NVD

Node

axwaysecuretransportMatch5.2.1

axwaysecuretransportMatch5.3.0

axwaysecuretransportMatch5.3.1

axwaysecuretransportMatch5.3.3

axwaysecuretransportMatch5.3.6

VendorProductVersionCPE
axwaysecuretransport5.3.0cpe:/a:axway:securetransport:5.3.0:::
axwaysecuretransport5.3.3cpe:/a:axway:securetransport:5.3.3:::
axwaysecuretransport5.2.1cpe:/a:axway:securetransport:5.2.1:::
axwaysecuretransport5.3.1cpe:/a:axway:securetransport:5.3.1:::
axwaysecuretransport5.3.6cpe:/a:axway:securetransport:5.3.6:::

Vendor	Product	Version	CPE
axway	securetransport	5.3.0	cpe:/a:axway:securetransport:5.3.0:::
axway	securetransport	5.3.3	cpe:/a:axway:securetransport:5.3.3:::
axway	securetransport	5.2.1	cpe:/a:axway:securetransport:5.2.1:::
axway	securetransport	5.3.1	cpe:/a:axway:securetransport:5.3.1:::
axway	securetransport	5.3.6	cpe:/a:axway:securetransport:5.3.6:::

References

community.axway.com/s/article/SecureTransport-Security-Notice

community.axway.com/s/article/SecureTransport-Security-Notice-re-CVE-2019-14277-Unauthenticated-XML-Injection-and-XXE

gist.githubusercontent.com/zeropwn/59f17727dfaba239b0ace6f33b752974/raw/9b6541a94ac5ec181a88e6c84cb3e3001025b8fd/Axway%2520SecureTransport%25205.x%2520Unauthenticated%2520XXE

www.exploit-db.com/exploits/47150

zero.lol/2019-07-21-axway-securetransport-xml-injection/

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.089

Percentile

94.6%

JSON

Related for CVE-2019-14277

prion1 nvd1 cvelist1