Packet Storm Security note - Finding one of two: codeBeamer – Stored Cross-Site Scripting =============================================================================== Identifiers ------------------------------------------------- * CVE-2019-19912 CVSSv3 score ------------------------------------------------- 6.4 (AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H) Vendor ------------------------------------------------- Intland – Codebeamer (https://codebeamer.com) Product ------------------------------------------------- codeBeamer ALM is a holistically integrated, collaborative Application Lifecycle Management platform with capabilities that cover your entire product development lifecycle. Affected versions ------------------------------------------------- - codebeamer 9.5 and below Credit ------------------------------------------------- Georg Ph E Heise (@gpheheise) / Lufthansa Industry Solutions (@LHIND_DLH) Vulnerability summary ------------------------------------------------- Intland Software has a stored XSS vulnerability in file attachment section. Technical details ------------------------------------------------ The upload section is vulnerable to accept malicious crafted SWF file. . Proof of concept ------------------------------------------------- To exploit this vulnerability standard male formatted SWF file like the ones available on github · https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20Injection` Solution ------------------------------------------------- Contact vendor for a solution Timeline ------------------------------------------------- Date | Status ------------|----------------------------- 20-DEZ-2019 | Reported to vendor 03-JAN-2020 | Acknowledged by vendor 09-MAR-2020 | Patch available 26-MAR-2020 | Public disclosure =============================================================================== Packet Storm Security note - Finding two of two: codeBeamer – Stored Cross-Site Scripting =============================================================================== Identifiers ------------------------------------------------- * CVE-2019-19913 CVSSv3 score ------------------------------------------------- 6.4 ([AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H&version=3.1)) Vendor ------------------------------------------------- Intland – Codebeamer (https://codebeamer.com) Product ------------------------------------------------- codeBeamer ALM is a holistically integrated, collaborative Application Lifecycle Management platform with capabilities that cover your entire product development lifecycle. Affected versions ------------------------------------------------- - codebeamer 9.5 and below Credit ------------------------------------------------- Georg Ph E Heise (@gpheheise) / Lufthansa Industry Solutions (@LHIND_DLH) Vulnerability summary ------------------------------------------------- Intland Software has a stored XSS vulnerability in their CodeBeamer 9.5 ALM Tackers Title parameter. Technical details ------------------------------------------------ The Tackers Heading is vulnerable to a stored cross site scripting (XSS) attack An Attacker has to create or modify a Tracker Heading with a direct XSS to exploit any project user who's viewing the Tracker or the Tracker notes. Proof of concept ------------------------------------------------- The following evidence is provided to illustrate the existence and exploitation: Create a release with the heading similar to this <script> alert(‘hacked’)</script> ` Solution ------------------------------------------------- Contact vendor for a solution Timeline ------------------------------------------------- Date | Status ------------|----------------------------- 20-DEZ-2019 | Reported to vendor 03-JAN-2020 | Acknowledged by vendor 09-MAR-2020 | Patch available 26-MAR-2020 | Public disclosure