CVE-2020-10129 - SearchBlox product before V-9.2 is vulnerable to Privilege Escalation: lower-privileged user is able to access Admin
Product Description: SearchBlox simplifies enterprise search for complex organizations. SearchBlox's intuitive and intelligent tools offer out-of-the-box setup, secure encryption, and low total cost of ownership. AI-powered solutions optimize each step of the search journey to dramatically improve engagement. SearchBlox is the easy choice for leaders in financial services, healthcare, and government.
Description: SearchBlox before Version 9.2.1 is vulnerable to privilege escalation: a lower-privileged user is able to access Admin functionality.
Vulnerability Type: Privilege Escalation (lower-privileged user is able to access Admin functionality)
Severity Rating: High
Vendor of Product: SearchBlox
Affected Product Code Base: SearchBlox-9.1
Affected Component: SearchBlox product with version before 9.2 is vulnerable to a privilege escalation issue where a lower-privileged user is able to access Admin functionality, which affects product confidentiality.
Attack Type: Remote
Impact Information Disclosure: True
Attack Vectors: To exploit this vulnerability, the attacker must use the following URL: http:///searchblox/admin/main.jsp?menu1=adm&menu2=cluster
Has the vendor confirmed or acknowledged the vulnerability?: True
Reference: Version 9.1 (searchblox.com)
Exploit Author: Amar Kaldate
Contact: Amar Kaldate | LinkedIn
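
Detection sketch for the attack vector above, added here as an example and not part of the original advisory or of SearchBlox: it scans web access logs for successful requests under `/searchblox/admin/` made by accounts that are not administrators. Assumptions: the log is in NCSA common/combined format with the authenticated account in the third field, and the names `ADMIN_USERS`, `normalise` and `find_admin_access_by_non_admins` as well as the sample lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Assumed NCSA-style line: host ident authuser [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
ADMIN_PREFIX = "/searchblox/admin/"  # path taken from the advisory's URL
ADMIN_USERS = {"admin"}              # assumption: accounts entitled to the admin console

def normalise(target):
    """Reduce a request target to a canonical path so equivalent spellings compare equal."""
    path = unquote(urlsplit(target).path)
    path = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))  # drop ;params
    return posixpath.normpath(re.sub(r"/+", "/", path))

def find_admin_access_by_non_admins(lines, admin_users=ADMIN_USERS):
    """Return (time, host, user, path) for 2xx admin-console hits by other accounts."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        path = normalise(m["target"])
        if not (path + "/").startswith(ADMIN_PREFIX):
            continue
        # "-" (no authenticated user) is also outside admin_users and is reported.
        if m["status"].startswith("2") and m["user"] not in admin_users:
            findings.append((m["time"], m["host"], m["user"], path))
    return findings

# Constructed sample log lines (not taken from a real system).
SAMPLE = [
    '10.0.0.5 - admin [12/Mar/2020:10:01:02 +0000] "GET /searchblox/admin/main.jsp?menu1=adm&menu2=cluster HTTP/1.1" 200 5120',
    '10.0.0.9 - jdoe [12/Mar/2020:10:03:40 +0000] "GET /searchblox/admin/main.jsp?menu1=adm&menu2=cluster HTTP/1.1" 200 5120',
    '10.0.0.9 - jdoe [12/Mar/2020:10:03:55 +0000] "GET /searchblox/example-search-page?q=test HTTP/1.1" 200 2048',
    '10.0.0.7 - asmith [12/Mar/2020:10:05:11 +0000] "GET /searchblox/admin/main.jsp HTTP/1.1" 403 312',
    '10.0.0.9 - jdoe [12/Mar/2020:10:06:00 +0000] "GET /searchblox//admin/main.jsp?menu1=adm&menu2=cluster HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for finding in find_admin_access_by_non_admins(SAMPLE):
        print(finding)
```

A 2xx response to a non-admin account on this path is the signal to investigate; on a fixed version the same request should be denied or redirected to login.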