An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML element in the _transaction parameter. NOTE: the documentation states "These tools are, by default, available to anyone ... so they should only be deployed into a trusted environment. Alternately, the tools can easily be restricted to administrators or end users by protecting the tools path with normal authentication and authorization mechanisms on the web server."
References
Link | Resource |
---|---|
https://seclists.org/fulldisclosure/2020/Feb/18 | Exploit Mailing List Third Party Advisory |
https://www-demos.smartclient.com/smartclient-12.0/isomorphic/system/reference/?id=group..toolsDeployment | |
https://seclists.org/fulldisclosure/2020/Feb/18 | Exploit Mailing List Third Party Advisory |
https://www-demos.smartclient.com/smartclient-12.0/isomorphic/system/reference/?id=group..toolsDeployment |
Configurations
History
21 Nov 2024, 05:40
Type | Values Removed | Values Added |
---|---|---|
References | () https://seclists.org/fulldisclosure/2020/Feb/18 - Exploit, Mailing List, Third Party Advisory | |
References | () https://www-demos.smartclient.com/smartclient-12.0/isomorphic/system/reference/?id=group..toolsDeployment - |
07 Nov 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML element in the _transaction parameter. NOTE: the documentation states "These tools are, by default, available to anyone ... so they should only be deployed into a trusted environment. Alternately, the tools can easily be restricted to administrators or end users by protecting the tools path with normal authentication and authorization mechanisms on the web server." |
Information
Published : 2020-02-23 02:15
Updated : 2024-11-21 05:40
NVD link : CVE-2020-9353
Mitre link : CVE-2020-9353
CVE.ORG link : CVE-2020-9353
JSON object : View
Products Affected
smartclient
- smartclient
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')