Endpoint Detection and Response Vulnerability-Web PT Stored Cross-Site Scripting



Article ID: 423393


Updated On:

Products

Endpoint Detection and Response

Issue/Introduction

Multiple vulnerabilities were flagged against the Symantec Endpoint Detection and Response (SEDR) WebUI portal at the following URLs:

https://10.xx.xx.4:9443/atpapp/oauth/create?client_name=<payload>&role_id=<id>
https://10.xx.xx.4:9443/atpapp/report/schedule
https://10.xx.xx.4:9443/atpapp/settings/appliance/updatesnmp
https://10.xx.xx.4:9443/atpapp/settings/integrations/sso/config
https://10.xx.xx.4:9443/atpapp/user/saveSSOUser

The URLs above are vulnerable to stored Cross-Site Scripting (XSS). The attack is possible when a user-controlled payload in the form of an HTML tag is submitted in a form field and stored by the application. Whenever the affected page is later accessed, the browser parses the embedded tags as part of the page source, and the supplied script is executed in the victim's browser.
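The rendering defect described above, shown side by side with its fix as an added illustration. This is not SEDR code: the function names, the markup and the sample client_name value are constructed for the example. The point is that a stored field value must be HTML-encoded at the moment it is placed into the page, so that any tag it carries is displayed as text rather than parsed as markup.

```javascript
// Added example (not the product's own code). Contrasts rendering a
// stored form value raw with HTML-encoding it first, which is the
// defence against the stored XSS described in the advisory.

// Minimal HTML entity encoder for text placed inside element content
// or inside a double- or single-quoted attribute value.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")   // must run first so later entities are not double-encoded
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Vulnerable pattern (hypothetical): the stored client_name is
// concatenated straight into markup, so any tags it contains become
// part of the page the next time it is rendered.
function renderClientNameUnsafe(clientName) {
  return `<td class="client-name">${clientName}</td>`;
}

// Hardened pattern: the same value is encoded on output, so the browser
// shows the characters literally and never executes them.
function renderClientNameSafe(clientName) {
  return `<td class="client-name">${escapeHtml(clientName)}</td>`;
}

// Simple check a reviewer can run over rendered output: does any tag
// present in the stored input survive verbatim in the HTML? True means
// the value reached the page unencoded.
function containsRawTag(html, storedValue) {
  const tags = storedValue.match(/<[^>]+>/g) || [];
  return tags.some((tag) => html.includes(tag));
}

// Constructed sample: a client_name value that carries an HTML tag,
// like the payload the advisory says was accepted by the form field.
const SAMPLE_CLIENT_NAME = "<script>alert('stored')</script> Acme";

// Runs both renderers over the sample and reports which one leaks.
function demo() {
  const unsafe = renderClientNameUnsafe(SAMPLE_CLIENT_NAME);
  const safe = renderClientNameSafe(SAMPLE_CLIENT_NAME);
  return {
    unsafeHtml: unsafe,
    safeHtml: safe,
    unsafeLeaksTag: containsRawTag(unsafe, SAMPLE_CLIENT_NAME), // true
    safeLeaksTag: containsRawTag(safe, SAMPLE_CLIENT_NAME),     // false
  };
}
```

Output encoding belongs at every sink, not just the one that was reported: the same stored value may be rendered in a report title, an SNMP settings page and an SSO user list, and each sink needs the encoding appropriate to its context (HTML body, attribute, JavaScript string or URL). Input validation on its own is not enough, because a value that is harmless in one context can be dangerous in another.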

Resolution

The issue is fixed in EDR 4.12.0 HF3. The patch can be installed from the appliance command line with the following commands:

- To verify that this patch is available:

patch list -v atp-patch3-4.12.0-1

- To download:

patch download atp-patch3-4.12.0-1

- To install:

patch install atp-patch3-4.12.0-1