Sense of Security – Security Advisory – SOS-09-003
Release Date. | 30-Apr-2009
Last Update. | –
Vendor Notification Date. | 23-Apr-2009
Product. | Infor SCM SupplyWEB
Platform. | Windows (verified), possibly others.
Affected versions. | 10.1.2 (verified), possibly others.
Severity Rating. | Medium
Impact.
  XSS issue. | Cookie/credential theft, Impersonation, Loss of confidentiality
  Authorisation issue. | Loss of confidentiality
  Local File Inclusion issue. | Loss of confidentiality
Attack Vector.
  XSS issue. | Remote by authenticated/unauthenticated user (depending on application component).
  Authorisation issue. | Remote without authentication.
  Local File Inclusion issue. | Remote with authentication.
Solution Status. | Currently no solution
CVE reference. | CVE-2009-1793, CVE-2009-1794, CVE-2009-1795
Details.
Undisclosed.
Solution.
The vendor has been advised of the issue, but has not yet issued a fix.
Discovered by.
SOS Labs.