关联漏洞
Description
CVE-2020-10132 - SearchBlox product before V-9.1 is vulnerable to CORS misconfiguration.
介绍
# CVE-2020-10132 - CVE-2020-10132 - SearchBlox product before V-9.1 is vulnerable to CORS misconfiguration.
**Product Description:** SearchBlox simplifies enterprise search for complex organizations. SearchBlox intuitive and intelligent tools offer out-of-the-box setup, secure encryption, and low total cost of ownership. AI-powered solutions optimize each step of the search journey to dramatically improve engagement. SearchBlox is the easy choice for leaders in financial services, healthcare, and government.
**Description:** SearchBlox before Version 9.1 is vulnerable to CORS misconfiguration
**Vulnerability Type:** Cross-origin resource sharing misconfigure
**Severity Rating:** Medium
**Vendor of Product:** SearchBlox
**Affected Product Code Base:** SearchBlox-9.1
**Affected Component:** SearchBlox product with version before 9.1 is vulnerable to Cross-origin resource sharing misconfigure.
**Attack Type:** Remote
**Impact Information Disclosure:** True
**Attack Vectors:** To exploit this vulnerability attacker must use the below URL
(http://<Web-Interface-URLs>/searchblox/admin/main.jsp)
**Has the vendor confirmed or acknowledged the vulnerability?:** True
**Reference:** [Version 9.1 (searchblox.com) ](https://developer.searchblox.com/v9.2/changelog/version-91)
**Exploit Author:** Amar Kaldate
**Contact:** [ Amar Kaldate | LinkedIn ](https://www.linkedin.com/in/amar-kaldate/)
文件快照
[4.0K] /data/pocs/5f214a3cf17c5087ebdf490f8843e60dd649a9ff
└── [1.4K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →