Sense of Security – Security Advisory – SOS-09-003
| Release Date. | 30-Apr-2009 | ||
| Last Update. | – | ||
| Vendor Notification Date. | 23-Apr-2009 | ||
| Product. | Infor SCM SupplyWEB | ||
| Platform. | Windows (verified), possibly others. | ||
| Affected versions. | 10.1.2 (verified), possibly others. | ||
| Severity Rating. | Medium | ||
| Impact. | |||
| XSS Issue. | Cookie/credential theft | ||
| Impersonation | |||
| Loss of confidentiality | |||
| Authorisation issue. | Loss of confidentiality | ||
| Local File Inclusion issue. | Loss of confidentiality | ||
| Attack Vector. | |||
| XSS issue. | Remote by authenticated/unauthenticated user (depending on application component). | ||
| Authorisation issue | Remote without authentication. | ||
| Local File Inclusion issue | Remote with authentication. | ||
| Solution Status. | Currently no solution | ||
| CVE reference. | CVE-2009-1793 | ||
| CVE-2009-1794 | |||
| CVE-2009-1795 | |||
Details.
Undisclosed.
Solution.
The vendor has been advised of the issue, but has not yet issued a fix.
Discovered by.
SOS Labs.