Multiple vulnerabilities in Enterpriser16 LoadBalancer v7.1

Vulnerability-Lab researchers have found multiple persistent input validation web vulnerabilities in the  Enterpriser16 v7.1 Load Balancer Application.

The first vulnerabilities are located in the `Edit Configuration` module with the bound vulnerable Label, Virtual Host, Request to send, Email Alerts and Response expected parameters.

The secound vulnerabilities are located in the Create Solution, Access points and New Contract module with the bound vulnerable title, asset name, contract name, name or description parameter requests.

Exploitation requires low user interaction and a low privileged application user account. Successful exploitation of the vulnerability can lead to persistent session hijacking (manager/admin), persistent phishing or persistent module web context manipulation.

A detailed proof-of-concept can be found here.
Category: / /

Share this with Your friends: