Skip to content

jet-pentest/CVE-2022-24449

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 

CVE-2022-24449

Solar Appscreener XXE [Suggested description] An issue was found in Solar AppScreener SAST tool through 3.10.4. An unauthorized actor, may exploit effected hosts where vulnerable version is installed, by uploading specially crafted XML files on hosts, which has an expired or non-installed license. The lowest approved impact is XXE-SSRF.

[Additional Information] Fixed in >3.10.4

[VulnerabilityType Other] CWE-611: Improper Restriction of XML External Entity Reference

[Vendor of Product] SOLAR SECURITY LLC (https://en.rt-solar.ru/)

[Affected Product Code Base] Affected version: Solar Appscreener 3.10.4

[Affected Component] License update mechanism

[Attack Type] Remote

[Impact Code execution] true

[Impact Denial of Service] true

[Impact Escalation of Privileges] true

[Impact Information Disclosure] true

[Attack Vectors] An attacker able to upload specially crafted XML file via license update function

[Discoverer] Dmitry Kuramin (Jet Infosystems, jet.su)

[Reference] https://jet.su

About

Solar Appscreener XXE

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published