what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Sofico Miles RIA 2020.2 Build 127964T Cross Site Scripting

Sofico Miles RIA 2020.2 Build 127964T Cross Site Scripting
Posted Dec 14, 2021
Authored by Oualid Lkhaouni | Site sec-consult.com

Sofico Miles RIA version 2020.2 build 127964T suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-41557
SHA-256 | 89ae9e65148be9a737109dbcef8ece7d4d42ee0915265992d90935cdee23a1ff

Sofico Miles RIA 2020.2 Build 127964T Cross Site Scripting

Change Mirror Download
SEC Consult Vulnerability Lab Security Advisory < 20211213-1 >
=======================================================================
title: Stored Cross Site Scripting
product: Sofico Miles RIA
vulnerable version: 2020.2 build 127964T
fixed version: 2020.2 build 128076 or higher
CVE number: CVE-2021-41557
impact: Medium
homepage: https://www.sofico.global
found: 2021-07-09
by: Oualid Lkhaouni (Office Bochum)
SEC Consult Vulnerability Lab

An integrated part of SEC Consult, an Atos company
Europe | Asia | North America

https://www.sec-consult.com

=======================================================================

Vendor description:
-------------------
"Sofico is the world’s leading supplier of mission-critical software solutions
for automotive finance, leasing, fleet, and mobility management companies,
and its software is used by a broad range of renowned leasing companies
all over the world."

Source: https://www.sofico.global/en/about-sofico


Business recommendation:
------------------------
SEC Consult recommends updating to the latest version of Sofico Miles RIA.

An in-depth security analysis performed by security professionals is highly
advised, as the software may be affected from further security issues.


Vulnerability overview/description:
-----------------------------------
1) Stored Cross Site Scripting (CVE-2021-41557)
Miles RIA is a software solution by Sofico that allows leasing companies to manage
their leasing services on a single platform.

The Miles RIA application is vulnerable to Stored Cross-Site Scripting (XSS).
An attacker with access to a user account of the RIA IT or the Fleet role
can create a malicious work order in the damage reports section or change
existing work orders with malicious JavaScript.


Proof of concept:
-----------------
1) Stored Cross Site Scripting (CVE-2021-41557)
The following payload can be used for the insecure work order number
parameter of pending work orders in the damage reports section to inject
and execute malicious JavaScript in the context of the victim.
Once the victim visits the malicious work order, the attacker-controlled
input gets reflected in the lower left context menu of the loaded webpage:

1000 <img src=x onerror=alert(document.domain)>

This JavaScript code will then automatically get executed when the site
which contains the payload is visited by the victim.


Vulnerable / tested versions:
-----------------------------
The following software version has been tested and found to be vulnerable:
* Miles RIA 2020.2 build 127964T

It is unknown whether previous versions are affected, as the vendor did not
supply this information.


Vendor contact timeline:
------------------------
2021-07-26: Contacting vendor through contact.de@sofico.global; No answer.
2021-08-24: Contacting vendor through contact.de@sofico.global; No answer.
2021-09-21: Contacting vendor through contact.de@sofico.global and contact@sofico.global; No answer.
2021-11-04: Informing vendor about public advisory release on 9th November 2021.
2021-11-08: Received info from 3rd party about patches.
2021-11-24: Informing vendor about public advisory release on 29th November 2021.
2021-11-24: Received more detailed info from 3rd party about patches.
2021-12-01: Coordination call with vendor.
2021-12-13: Coordinated release of security advisory.


Solution:
---------
The vendor provides patches for the affected product versions:
* Miles RIA 2020.2 build 128076 or higher


Workaround:
-----------
None


Advisory URL:
-------------
https://sec-consult.com/vulnerability-lab/


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SEC Consult Vulnerability Lab

SEC Consult, an Atos company
Europe | Asia | North America

About SEC Consult Vulnerability Lab
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult, an
Atos company. It ensures the continued knowledge gain of SEC Consult in the
field of network and application security to stay ahead of the attacker. The
SEC Consult Vulnerability Lab supports high-quality penetration testing and
the evaluation of new offensive and defensive technologies for our customers.
Hence our customers obtain the most current information about vulnerabilities
and valid recommendation about the risk profile of new technologies.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Interested to work with the experts of SEC Consult?
Send us your application https://sec-consult.com/career/

Interested in improving your cyber security with the experts of SEC Consult?
Contact our local offices https://sec-consult.com/contact/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mail: research at sec-consult dot com
Web: https://www.sec-consult.com
Blog: http://blog.sec-consult.com
Twitter: https://twitter.com/sec_consult

EOF Oualid Lkhaouni / @2021


Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close