Posts

Showing posts from September, 2021

Ericsson ECM (Enterprise Content Management) solution Vulnerable to CSV Injection (CVE-2021-41390)

Dear Reader,

I was able to identify CSV Injection in Ericsson ECM (Enterprise Content Management) solution.

Version: 18.0 (0331) R1E
CVE ID: CVE-2021-41390

Below are its details:

# Software description:
Ericsson Catalog Manager allows customers to rapidly launch and enable new innovative offerings with simple user experience and enterprise product, service & resource catalog capabilities.

# Technical Details & Impact:
It was observed that the Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection. Using CSV injection, maliciously crafted formulas can be used for three key attacks:

- Hijacking the user's computer by exploiting vulnerabilities in the spreadsheet software, such as CVE-2014-3524.
- Hijacking the user's computer by exploiting the user's tendency to ignore security warnings in spreadsheets that they downloaded from their own website.
- Exfiltrating contents from the spreadsheet, or other open spreadsheets.

# POC
Lo...

Ericsson ECM (Enterprise Content Management) solution Vulnerable to Stored XSS (CVE-2021-41391)

Dear Reader,

I was able to identify stored XSS in Ericsson ECM (Enterprise Content Management) solution.

Version: 18.0 (0331) R1E
CVE ID: CVE-2021-41391

Below are its details:

# Software description:
Ericsson Catalog Manager allows customers to rapidly launch and enable new innovative offerings with simple user experience and enterprise product, service & resource catalog capabilities.

# Technical Details & Impact:
It was observed that the Security Management Endpoint in the User Profile Management Section is vulnerable to stored XSS. In most test cases session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admin's browsers using the BeEF framework.

# POC
Login as normal user in ECM
Click on User Profile Management and click on Preference Definition or just visit this URL "https://host:port/ecm/securityManagement" change the host/port to your ECM host/...