A vulnerability has been found in Java System Solutions SSO Plugin 4.0.13.1 on BMC MyIT (Programming Language Software) and classified as problematic. This vulnerability affects the function select_sso of the file /ux/jss-sso/arslogin. The manipulation with an unknown input leads to a cross site scripting vulnerability (Reflected). The CWE definition for the vulnerability is CWE-79. The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. As an impact it is known to affect integrity. CVE summarizes:

Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. A remote attacker can abuse this issue to inject client-side scripts into the "select_sso()" function. The payload is triggered when the victim opens a prepared /ux/jss-sso/arslogin?[XSS] link and then clicks the "Login" button.

The bug was discovered 08/20/2018. The weakness was released 08/21/2018 as not defined mailinglist post (Bugtraq). The advisory is available at seclists.org. This vulnerability was named CVE-2018-15528 since 08/19/2018. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Technical details are known, but there is no available exploit. This vulnerability is assigned to T1059.007 by the MITRE ATT&CK project.

The vulnerability was handled as a non-public zero-day exploit for at least 1 days. During that time the estimated underground price was around $0-$5k.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Productinfo

Type

• Programming Language Software

Name

• Java System Solutions SSO Plugin

Version

• 4.0.13.1

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion