Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

OpenText Secure MFT 2014 R2 SP4 Cross Site Scripting

🗓️ 18 Aug 2015 00:00:00Reported by Dr. Adrian VollmerType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 44 Views

OpenText Secure MFT 2014 R2 SP4 Cross-Site Scripting vulnerability discovered and fixe

Code
`Advisory ID: SYSS-2015-041  
Product: Secure MFT  
Vendor: OpenText  
Affected Version(s): 2013 R1, 2014 R1, 2014 R2  
Tested Version(s): 2014 R2 SP4  
Vulnerability Type: Cross-Site Scripting (CWE-79)  
Risk Level: Medium  
Solution Status: Fixed  
Vendor Notification: 2015-08-05  
Solution Date: 2015-08-14  
Public Disclosure: 2015-08-14  
CVE Reference: Not assigned  
Author of Advisory: Alexander Straßheim, SySS GmbH  
Dr. Adrian Vollmer, SySS GmbH  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Overview:  
  
Secure MFT aims to replace FTP or file transfer via e-mail by providing a  
secure and easy-to-use alternative. Users can send each other files of  
practically any size either by using a Microsoft Windows client, a Microsoft  
Outlook plugin or a web application.  
  
The software manufacturer describes the product as follow (see [1]):  
  
"OpenText Secure MFT is an enterprise-grade managed file transfer solution  
that delivers uncompromising security to safely exchange large files."  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Vulnerability Details:  
  
The SySS GmbH found a reflected cross-site scripting vulnerability in  
the web application component of OpenText Secure MFT solution which can  
be exploited from an attacker's perspectives.  
  
The input field for searching stored files is not correctly sanitized and  
therefore can be abused to inject arbitrary JavaScript statements.  
  
This reflected cross-site scripting vulnerability can be exploited by an  
authenticated attacker by manipulating a token and sending a specially   
crafted JavaScript code (see PoC section).  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Proof of Concept (PoC):  
  
The following URL using the JavaScript code   
  
"><script>alert(1)</<script>   
  
as the value for the URL parameter "querytext" demonstrate the reflected  
cross-site scripting vulnerability by showing a JavaScript alert box.  
  
https://[Secure MFT HOST]/userdashboard.jsp?querytext="><script>alert(1)</script>&button=Search&panel=search  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Solution:  
  
Update Secure MFT to one of the following versions or newer:  
  
* Secure MFT 2013 R3 P6  
* Secure MFT 2014 R2 P2  
* Secure MFT 2015 R1  
* Secure MFT 2015 R1 FP1  
  
Software updates are available at [4]. For further information, see [5].  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Disclosure Timeline:  
  
2015-06-29: Vulnerability discovered  
2015-08-05: Vulnerability reported to vendor  
2015-08-14: Vendor publishes security alert  
2015-08-14: Public release of security advisory according to the SySS  
Responsible Disclosure Policy  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
References:  
  
[1] Web site of Secure MFT  
https://www.opentext.com/what-we-do/products/information-exchange/secure-messaging/opentext-secure-mft  
[2] SySS Security Advisory SYSS-2015-041  
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-041.txt  
[3] SySS Responsible Disclosure Policy  
https://www.syss.de/en/news/responsible-disclosure-policy/  
[4] https://knowledge.opentext.com/knowledge/cs.dll/Open/27077429 (Knowledge Center log on required)  
[5] https://knowledge.opentext.com/knowledge/llisapi.dll?func=ll&objId=60914364&objAction=browse&viewType=1  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Credits:  
  
Security vulnerability found by Alexander Straßheim and Dr. Adrian Vollmer of the SySS GmbH.  
  
E-Mail: Alexander.Strassheim (at) syss.de  
Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Alexander_Strassheim.asc  
Key Fingerprint: AA60 5215 FB5A E5AE 3A1E 775F 925F 266E 6E2D 6AD8  
  
E-Mail: Adrian.Vollmer (at) syss.de  
Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Adrian_Vollmer.asc  
Key Fingerprint: 70CF E88C AEE7 DB0F 5DC8 3403 0E02 7C7E 037C 9FE7  
  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Disclaimer:  
  
The information provided in this security advisory is provided "as is"   
and without warranty of any kind. Details of this security advisory may  
be updated in order to provide as accurate information as possible. The  
latest version of this security advisory is available on the SySS Web  
site.  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Copyright:  
  
Creative Commons - Attribution (by) - Version 3.0  
URL: http://creativecommons.org/licenses/by/3.0/deed.en  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
18 Aug 2015 00:00Current
7.4High risk
Vulners AI Score7.4
opentext secure mftcross-site scriptingvulnerabilitysyss gmbhsecurity advisorysecure messaging
44