CVE-2020-9351

EUVD-2020-30172

23.02.2020, 02:15

An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error showing where the application resides (the absolute path). NOTE: the documentation states "These tools are, by default, available to anyone ... so they should only be deployed into a trusted environment. Alternately, the tools can easily be restricted to administrators or end users by protecting the tools path with normal authentication and authorization mechanisms on the web server."

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 74%

Affected Products (NVD)

Vendor	Product	Version
smartclient	smartclient	12.0

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-209 - Generation of Error Message Containing Sensitive Information
The software generates an error message that includes sensitive information about its environment, users, or associated data.

References

https://seclists.org/fulldisclosure/2020/Feb/18

https://www-demos.smartclient.com/smartclient-12.0/isomorphic/system/reference/?id=group..toolsDeployment

https://seclists.org/fulldisclosure/2020/Feb/18

https://www-demos.smartclient.com/smartclient-12.0/isomorphic/system/reference/?id=group..toolsDeployment