Search This Blog

Researcher discovered multiple vulnerabilities in Manage Engine OpStor


The vulnerability researcher Ibrahim El-Sayed (Mossad) discovered multiple different software vulnerabilities in Manage Engines OpStor Manager.

OpStor is a multi-vendor storage area networks SAN and network attached storage NAS monitoring tool for storage devices like Storage Arrays, Fabric Switches, Tape Libraries, Host servers and Host Bus Adapters cards from leading vendors like EMC, HP, IBM, Promise, Fibrenetix, Cisco, Brocade, DELL, ADIC, SUN, QLogic, Emulex, JNI and co.

Ibrahim discovered 3 type of vulnerabilities in his report. A blind SQL Injection vulnerability, a persistent script code inject bug and multiple client side cross site scripting vulnerabilities.

The first vulnerability allows an attacker (remote) or local low privileged user account to execute a SQL commands on the affected application dbms. The vulnerability is located in raidMaps.do file with the bound vulnerable name parameter. Successful exploitation of the vulnerability result in dbms and application compromise.
Exploitation requires no user inter action and without privileged user account.

The secound allow remote attackers to implement/inject malicious script code on the application side (persistent).The persistent vulnerability is located in Alarm reporting module with the bound vulnerable subject parameters.Successful exploitation of the vulnerability result in session hijacking (manager/admin) or stable (persistent) context manipulation. Exploitation requires low user inter action and privileged user account.

The third vulnerability allows remote attackers to hijack (client side) website customer, moderator or admin sessions with medium or high required user inter action or local low privileged user account. The vulnerabilities are located in availability730.do with the bound vulnerable day and name parameters. Successful exploitation can result in account steal, client site phishing and client-side content request manipulation.

Advisory:
http://www.vulnerability-lab.com/get_content.php?id=667
Share it:

Vulnerability

Vulnerability Lab