Unanswered Calls: DMS Vendor Quartet Silent on Zero-Day XSS Exploits
In the realm of enterprise cybersecurity, timely action is paramount. Yet four major document management system (DMS) providers have so far remained silent in the face of an urgent call to address serious cross-site scripting (XSS) vulnerabilities in their products. Recently uncovered by researchers at Rapid7, these zero-day flaws pose a substantial risk to organizations relying on the affected platforms: ONLYOFFICE, OpenKM, LogicalDOC, and Mayan. With the potential consequences looming large, the absence of prompt action from these vendors raises concerns. In this blog post, we delve into the details of the identified vulnerabilities and shed light on the critical importance of immediate resolution.
The Unveiling of Zero-Day XSS Vulnerabilities:
In a recent blog post by Tod Beardsley, director of research at Rapid7, a worrisome discovery emerged: several enterprise document management platforms were found to harbor significant XSS vulnerabilities. These DMS products, whether on-prem, cloud-based, open source, or freemium, were found to have critical flaws that the vendors had not yet addressed.
The Call to Action:
Given the severity of stored XSS vulnerabilities within document management systems, particularly in the context of automated workflows, administrators are urged to implement vendor-supplied updates on an emergency basis. Unfortunately, as of the time of writing, no such updates have been made available.
The Breakdown of Vulnerabilities:
Among the impacted platforms, ONLYOFFICE's Workspace enterprise app platform stands out with the most severe issue, tracked as CVE-2022-47412. This stored XSS vulnerability, affecting versions from 0 through 12.1.0.1760, can be triggered when a malicious document is saved within the DMS for indexing. Once a victim unknowingly triggers the XSS condition, an attacker can steal session cookies, create privileged accounts, or manipulate the victim's browser session to obtain confidential documents.
OpenKM's open source DMS version 6.3.12 faces two vulnerabilities, CVE-2022-47413 and CVE-2022-47414. The former is another stored XSS flaw that necessitates saving a malicious document in the DMS, while the latter requires an attacker's authenticated access to the OpenKM console. Once the conditions are met, the document 'note' function becomes susceptible to a stored XSS security flaw.
LogicalDOC's open source DMS reveals four less severe vulnerabilities, with CVE-2022-47416 being the most notable. This stored XSS flaw is specific to the Enterprise version of the DMS and is found in an in-app chat system. Meanwhile, CVE-2022-47415, CVE-2022-47417, and CVE-2022-47418 affect both the LogicalDOC Community Edition and Enterprise versions, targeting the in-app messaging system, stored document file name indexes, and stored document version comments, respectively. Surprisingly, even guest privileges alone could be exploited to target administrators.
Finally, Mayan's open source DMS, EDMS Workspace version 4.3.3, encounters a tag-based XSS vulnerability known as CVE-2022-47419.
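The stored-XSS pattern running through the findings above, where attacker-controlled document metadata (a file name, a note, a version comment, a tag) is saved by the DMS and later rendered into an index or listing page, comes down to missing output encoding at render time. The following is an added example, not code from Rapid7 or from any of the vendors named in this post; the record layout, field names and sample values are constructed for illustration. It shows a vulnerable listing renderer beside its encoded form, and a triage check a defender can run over already-stored metadata while waiting for vendor patches.

```python
import html
import re

# Constructed sample DMS metadata records. Record 1 is benign; records 2 and 3
# carry markup in fields an uploader controls (file name, note, tag).
SAMPLE_RECORDS = [
    {"id": 1, "filename": "Q3 report.pdf", "note": "final version", "tag": "finance"},
    {"id": 2, "filename": "invoice<script>alert(1)</script>.pdf",
     "note": "see attached", "tag": "ap"},
    {"id": 3, "filename": "minutes.docx",
     "note": "<img src=x onerror=alert(1)>", "tag": "<b>board</b>"},
]

FIELDS = ("filename", "note", "tag")

# Triage heuristic: any HTML tag, a javascript: URL, or an on*= event handler
# attribute inside a metadata field. Deliberately broad; it is for finding
# records to review, not a sanitizer.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>|javascript:|\bon\w+\s*=", re.IGNORECASE)


def render_row_unsafe(record):
    """The vulnerable pattern: stored metadata concatenated straight into HTML.
    A file name containing <script> is delivered to every user who views the index."""
    cells = (str(record[k]) for k in FIELDS)
    return "<tr>" + "".join(f"<td>{c}</td>" for c in cells) + "</tr>"


def render_row_safe(record):
    """The corrected pattern: HTML-encode every stored field at output time.
    html.escape (quote=True by default) converts < > & " ' so the value is
    displayed as text and cannot open a tag or break out of an attribute."""
    cells = (html.escape(str(record[k])) for k in FIELDS)
    return "<tr>" + "".join(f"<td>{c}</td>" for c in cells) + "</tr>"


def render_index(records, safe=True):
    """Render the whole document index as an HTML table."""
    render = render_row_safe if safe else render_row_unsafe
    header = "<tr>" + "".join(f"<th>{html.escape(k)}</th>" for k in FIELDS) + "</tr>"
    return "<table>" + header + "".join(render(r) for r in records) + "</table>"


def flag_suspicious_metadata(records):
    """Return the ids of records whose stored metadata contains markup-like
    content. Useful for reviewing an existing repository for already-planted
    payloads before a patch is available."""
    return sorted(r["id"] for r in records
                  if any(MARKUP_RE.search(str(r[k])) for k in FIELDS))


if __name__ == "__main__":
    print("Flagged record ids:", flag_suspicious_metadata(SAMPLE_RECORDS))
    print(render_index(SAMPLE_RECORDS, safe=True))
```

Output encoding at the point where metadata is written into HTML is the fix the vendors would need to ship; a `Content-Security-Policy` header that disallows inline script is a useful defence-in-depth layer on top of it, but not a substitute, since the stored markup is still delivered to the page. The `flag_suspicious_metadata` check is a review aid for administrators: it will produce false positives on legitimately angle-bracketed names, so treat its output as a list to inspect rather than a verdict.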
The Deafening Silence:
Despite Rapid7's attempts to contact the vendors through various channels, including email, support tickets, and other support channels, none of them has responded to the disclosure outreach. Even coordination with CERT/CC did not yield any engagement from these organizations. As a result, Rapid7 has followed its vulnerability disclosure policy and revealed the issues to the public.
At a time when cybersecurity vulnerabilities pose immense risks to enterprises, swift action and transparent communication from vendors are essential. The current lack of response from the affected DMS providers underlines the need for organizations to remain vigilant and to seek temporary mitigation measures until official patches are released. As the security community awaits a response from the vendors, the gravity of these zero-day XSS vulnerabilities must not be underestimated; administrators should take precautionary measures to safeguard sensitive data and systems. Stay tuned as we continue to monitor the situation and update this story if and when further developments unfold.
Reference: Charlie Osborne