questions and answers concerning these vulnerabilities cve-2018-13822, cve-2018-13823, cve-2018-13824, cve-2018-13825, cve-2018-13826
Article ID: 115896
Updated On:
Products
Clarity PPM SaaS
Clarity PPM On Premise
Issue/Introduction
Questions and Answers concerning these vulnerabilities:-
CVE-2018-13822
CVE-2018-13823
CVE-2018-13824
CVE-2018-13825
CVE-2018-13826
Q1. The first vulnerability, CVE-2018-13822, has a medium risk rating and concerns an SSL password being stored in plain text, which can allow an attacker to access sensitive information.
Q2. The second vulnerability, CVE-2018-13823, has a high risk rating and concerns an XML external entity vulnerability in the XOG functionality, which can allow a remote attacker to access sensitive information.
Q3. The third vulnerability, CVE-2018-13824, has a high risk rating and concerns two parameters that fail to properly sanitize input, which can allow a remote attacker to execute SQL injection attacks.
Q4. The fourth vulnerability, CVE-2018-13825, has a high risk rating and concerns improper input validation by the gridExcelExport functionality, which can allow a remote attacker to execute reflected cross-site scripting attacks.
Q5. The fifth vulnerability, CVE-2018-13826, has a medium risk rating and concerns an XML external entity vulnerability in the XOG functionality, which can allow a remote attacker to conduct server side request forgery attacks.
CVE-2018-13822
CVE-2018-13823
CVE-2018-13824
CVE-2018-13825
CVE-2018-13826
Q1. The first vulnerability, CVE-2018-13822, has a medium risk rating and concerns an SSL password being stored in plain text, which can allow an attacker to access sensitive information.
Q2. The second vulnerability, CVE-2018-13823, has a high risk rating and concerns an XML external entity vulnerability in the XOG functionality, which can allow a remote attacker to access sensitive information.
Q3. The third vulnerability, CVE-2018-13824, has a high risk rating and concerns two parameters that fail to properly sanitize input, which can allow a remote attacker to execute SQL injection attacks.
Q4. The fourth vulnerability, CVE-2018-13825, has a high risk rating and concerns improper input validation by the gridExcelExport functionality, which can allow a remote attacker to execute reflected cross-site scripting attacks.
Q5. The fifth vulnerability, CVE-2018-13826, has a medium risk rating and concerns an XML external entity vulnerability in the XOG functionality, which can allow a remote attacker to conduct server side request forgery attacks.
Environment
CA PPM v13.1, v13.3, v14.2, v14.3, v14.4, v15.1
Resolution
A1. This is basically if you encrypt properties.xml for the passwords you can still see the SSL password. This is low risk since you can restrict the server access.
A2. This triggers the server to connect to the attacker to retrieve dtd document. This can be used to force Server Side Request Forgery (which, for one, reveals true IP of the machine if it is behind a load balancer - this can actually lead to the other vulnerability - remote command execution). This is high risk and we don’t have any fix unless we upgrade
A3. This is SQL injection where an attacker can craft the vector and inject the SQL
A4. This is again sort of cross side scripting where you can again inject the vector on export to excel action.
A5. This triggers the server to connect to the attacker to retrieve dtd document. This can be used to force Server Side Request Forgery (which, for one, reveals true IP of the machine if it is behind a load balancer - this can actually lead to the other vulnerability - remote command execution). This is high risk and we don’t have any fix unless we upgrade
A2. This triggers the server to connect to the attacker to retrieve dtd document. This can be used to force Server Side Request Forgery (which, for one, reveals true IP of the machine if it is behind a load balancer - this can actually lead to the other vulnerability - remote command execution). This is high risk and we don’t have any fix unless we upgrade
A3. This is SQL injection where an attacker can craft the vector and inject the SQL
A4. This is again sort of cross side scripting where you can again inject the vector on export to excel action.
A5. This triggers the server to connect to the attacker to retrieve dtd document. This can be used to force Server Side Request Forgery (which, for one, reveals true IP of the machine if it is behind a load balancer - this can actually lead to the other vulnerability - remote command execution). This is high risk and we don’t have any fix unless we upgrade
Feedback
Yes
No
Powered by
