Xerox DocuShare Bugs Allow Data Leaks
The bugs, if exploited, could expose DocuShare users to an attack resulting in the loss of sensitive data.
Xerox issued its security advisory on November 30. Xerox did not share the specifics of the bugs or possible attack scenarios.
An SSRF vulnerability would allow an attacker to abuse functionality on a server hosting the software-as-a-service DocuShare.
"The attacker can supply or modify a URL which the code running on the server will read or submit data to, and by carefully selecting the URLs, the attacker may be able to read server configuration such as AWS metadata, connect to internal services like http enabled databases or perform post requests towards internal services which are not intended to be exposed," according to an OWASP Foundation description of an SSRF attack.
A successful XXE attack would allow a cybercriminal to gain access to confidential data and could also facilitate attacks that include: "Denial of service, server side request forgery and port scanning from the perspective of the machine where the parser is located," according to OWASP. Bug hunter Julien Ahrens is credited with finding the bug and bringing it to Xerox's attention.
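The SSRF pattern in the OWASP description above is typically countered by vetting where a user-supplied URL points before the server fetches it. The following is an added example, not code from Xerox, OWASP or the original article; the function names, the `SAMPLE_DNS` table and its addresses are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed DNS answers so the example runs offline (not real records).
SAMPLE_DNS = {
    "partner.example": {"93.184.216.34"},
    "intranet.example": {"10.0.0.5"},
    "mixed.example": {"93.184.216.34", "127.0.0.1"},
}

def sample_resolver(host):
    return SAMPLE_DNS.get(host, set())  # unknown host: empty answer

def system_resolver(host):
    """Addresses the OS would actually connect to for this host."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_internal(ip_text):
    """True for loopback, private, link-local (cloud metadata) and other non-public ranges."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return True  # unparseable address: fail closed
    # Unwrap ::ffff:a.b.c.d so a mapped literal cannot hide an internal IPv4 address.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not ip.is_global

def check_destination(url, resolve=system_resolver):
    """Return (allowed, reason) for a user-supplied URL the server is about to fetch."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        ipaddress.ip_address(host)
        addresses = {host}  # IP literal: check it directly
    except ValueError:
        try:
            addresses = resolve(host)
        except OSError:
            return False, "resolution failed"
    # Fail closed: no answer, or ANY internal answer, rejects the URL.
    if not addresses or any(is_internal(a) for a in addresses):
        return False, "internal or unresolved address"
    return True, "ok"
```

The check only holds if the fetch then connects to one of the addresses that was vetted and applies the same check to every redirect target; otherwise a second DNS lookup or a redirect can still land on an internal service.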
News URL
https://threatpost.com/xerox-docushare-bugs/161791/