LabKey Server 19.1.0 - XML External Entity (XXE)

Short Info

Level

High

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

11 days 5 hours

Scan only one

Domain, Subdomain, IPv4

Toolbox

An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read.

References:

https://rhinosecuritylabs.com/application-security/labkey-server-vulnerabilities-to-rce/
https://github.com/LabKey/Issues/issues/37636
https://nvd.nist.gov/vuln/detail/CVE-2019-9757

Get started to protecting your digital assets

Start trial See the plans

LabKey Server 19.1.0 - XML External Entity (XXE)

Short Info

Detail

Category