Security Advisory – Infor SCM SupplyWEB Multiple Vulnerabilities

Sense of Security – Security Advisory – SOS-09-003

 

Release Date. 30-Apr-2009
Last Update.
Vendor Notification Date. 23-Apr-2009
Product. Infor SCM SupplyWEB
Platform. Windows (verified), possibly others.
Affected versions. 10.1.2 (verified), possibly others.
Severity Rating. Medium
Impact.
  XSS issue. Cookie/credential theft; impersonation; loss of confidentiality.
  Authorisation issue. Loss of confidentiality.
  Local File Inclusion issue. Loss of confidentiality.
Attack Vector.
  XSS issue. Remote by authenticated/unauthenticated user (depending on application component).
  Authorisation issue. Remote without authentication.
  Local File Inclusion issue. Remote with authentication.
Solution Status. Currently no solution
CVE reference. CVE-2009-1793, CVE-2009-1794, CVE-2009-1795

 

Details.

Undisclosed.

 

Solution.

The vendor has been advised of the issue, but has not yet issued a fix.

 

Discovered by.

SOS Labs.