
CERT Coordination Center

Corporater EPM Suite is vulnerable to cross-site request forgery and cross-site scripting

Vulnerability Note VU#595142

Original Release Date: 2013-08-26 | Last Revised: 2013-09-03

Overview

Corporater EPM Suite contains cross-site request forgery (CSRF) (CWE-352) and reflected cross-site scripting (XSS) (CWE-79) vulnerabilities.

Description

CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2013-3583

Corporater EPM Suite contains a cross-site request forgery vulnerability on the saveProperties.html page. An attacker can construct a webpage and send it to a previously authenticated user to make an unauthorized change to that user's password.

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2013-3584

Corporater EPM Suite also contains a reflected cross-site scripting vulnerability that can allow an attacker to inject arbitrary HTML content (including script) via the vulnerable query string parameter customerId.

The CVSS score below applies to the CVE-2013-3584 vulnerability.

Impact

An attacker can conduct a cross-site scripting or cross-site request forgery attack, which could be used to make unauthorized changes to user credentials or inject arbitrary HTML content (including script) into a web page presented to the user. JavaScript can be used to steal authentication cookies or other sensitive information.

Solution

We are currently unaware of a practical solution to this problem.
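
Since the note lists no fix, reviewing web access logs is one way to spot requests that touch the two issues described above. The following is an added example, not part of the CERT advisory or any vendor code. It assumes Combined Log Format; the host name, the `/app/` paths and the HTTP methods in the sample lines are constructed, and only `saveProperties.html` and `customerId` come from the note.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined Log Format: ... "METHOD target PROTO" status size "referer" "agent"
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"')
MARKUP = re.compile(r'[<>"\'`]')  # characters that have no place in an identifier

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def triage(lines, site_host):
    """Return (line_number, finding) pairs for requests worth a closer look."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = LOG_RE.search(line)
        if not match:
            continue
        target = urlsplit(match["target"])
        # CVE-2013-3584: customerId carrying HTML metacharacters.
        for value in parse_qs(target.query, keep_blank_values=True).get("customerId", []):
            if MARKUP.search(fully_decode(value)):
                findings.append((number, "customerId contains markup characters"))
        # CVE-2013-3583: saveProperties.html reached from outside the site.
        if target.path.endswith("/saveProperties.html"):
            referer = match["referer"]
            host = urlsplit(referer).hostname if referer not in ("", "-") else None
            if host is None:
                findings.append((number, "saveProperties.html request without Referer"))
            elif host != site_host:
                findings.append((number, f"saveProperties.html request referred by {host}"))
    return findings

# Constructed sample log lines (assumed deployment at epm.example.test).
SAMPLE = [
    '10.0.0.5 - alice [26/Aug/2013:10:00:01 +0000] "GET /app/page.html?customerId=acme01 HTTP/1.1" 200 512 "https://epm.example.test/app/" "Mozilla/5.0"',
    '10.0.0.9 - - [26/Aug/2013:10:02:13 +0000] "GET /app/page.html?customerId=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 530 "-" "Mozilla/5.0"',
    '10.0.0.5 - alice [26/Aug/2013:10:05:40 +0000] "POST /app/saveProperties.html HTTP/1.1" 200 88 "https://epm.example.test/app/profile.html" "Mozilla/5.0"',
    '10.0.0.7 - bob [26/Aug/2013:10:09:02 +0000] "POST /app/saveProperties.html HTTP/1.1" 200 88 "http://other.example.net/page.html" "Mozilla/5.0"',
    '10.0.0.9 - - [26/Aug/2013:10:11:55 +0000] "GET /app/page.html?customerId=%253Cb%253E HTTP/1.1" 200 530 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(*triage(SAMPLE, "epm.example.test"), sep="\n")
```

A missing or foreign Referer is a heuristic signal only, since browsers and proxies may strip the header on legitimate requests.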

Vendor Information


Corporater

Notified:  July 03, 2013 Updated:  August 16, 2013

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.


CVSS Metrics

Group Score Vector
Base 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N
Temporal 4.0 E:POC/RL:U/RC:UC
Environmental 1 CDP:N/TD:L/CR:ND/IR:ND/AR:ND

Acknowledgements

Thanks to Tudor Enache of Help AG Middle East for reporting this vulnerability.

This document was written by Adam Rauf.

Other Information

CVE IDs: CVE-2013-3583, CVE-2013-3584
Date Public: 2013-08-26
Date First Published: 2013-08-26
Date Last Updated: 2013-09-03 18:46 UTC
Document Revision: 35

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.