{"containers": {"cna": {"affected": [{"product": "SysAid - Okta SSO integration", "vendor": "Sysaid", "versions": [{"lessThan": "22.1.49*", "status": "affected", "version": "22.1.63", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Niv Levy - CyberArk"}], "datePublic": "2022-06-14T00:00:00", "descriptions": [{"lang": "en", "value": "SysAid - Okta SSO integration - was found vulnerable to XML External Entity Injection vulnerability. Any SysAid environment that uses the Okta SSO integration might be vulnerable. An unauthenticated attacker could exploit the XXE vulnerability by sending a malformed POST request to the identity provider endpoint. An attacker can extract the identity provider endpoint by decoding the SAMLRequest parameter's value and searching for the AssertionConsumerServiceURL parameter's value. It often allows an attacker to view files on the application server filesystem and interact with any back-end or external systems that the application can access. In some situations, an attacker can escalate an XXE attack to compromise the underlying server or other back-end infrastructure by leveraging the XXE vulnerability to perform server-side request forgery (SSRF) attacks."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-611", "description": "CWE-611 Improper Restriction of XML External Entity Reference ('XXE')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-24T15:00:10", "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "shortName": "INCD"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.gov.il/en/departments/faq/cve_advisories"}], "solutions": [{"lang": "en", "value": "Update to 22.1.50 cloud version, or to 22.1.64 on premise version."}], "source": {"defect": ["ILVN-2022-0025"], "discovery": "EXTERNAL"}, "title": "SysAid - Okta SSO integration", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@cyber.gov.il", "DATE_PUBLIC": "2022-06-14T08:07:00.000Z", "ID": "CVE-2022-23170", "STATE": "PUBLIC", "TITLE": "SysAid - Okta SSO integration"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SysAid - Okta SSO integration", "version": {"version_data": [{"version_affected": ">=", "version_name": "22.1.49", "version_value": "22.1.63"}]}}]}, "vendor_name": "Sysaid"}]}}, "credit": [{"lang": "eng", "value": "Niv Levy - CyberArk"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SysAid - Okta SSO integration - was found vulnerable to XML External Entity Injection vulnerability. Any SysAid environment that uses the Okta SSO integration might be vulnerable. An unauthenticated attacker could exploit the XXE vulnerability by sending a malformed POST request to the identity provider endpoint. An attacker can extract the identity provider endpoint by decoding the SAMLRequest parameter's value and searching for the AssertionConsumerServiceURL parameter's value. It often allows an attacker to view files on the application server filesystem and interact with any back-end or external systems that the application can access. In some situations, an attacker can escalate an XXE attack to compromise the underlying server or other back-end infrastructure by leveraging the XXE vulnerability to perform server-side request forgery (SSRF) attacks."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-611 Improper Restriction of XML External Entity Reference ('XXE')"}]}]}, "references": {"reference_data": [{"name": "https://www.gov.il/en/departments/faq/cve_advisories", "refsource": "MISC", "url": "https://www.gov.il/en/departments/faq/cve_advisories"}]}, "solution": [{"lang": "en", "value": "Update to 22.1.50 cloud version, or to 22.1.64 on premise version."}], "source": {"defect": ["ILVN-2022-0025"], "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "assignerShortName": "INCD", "cveId": "CVE-2022-23170", "datePublished": "2022-06-14T00:00:00", "dateReserved": "2022-01-11T00:00:00", "dateUpdated": "2022-06-24T15:00:10", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sysaid:okta_sso:*:*:*:*:*:*:*:*", "matchCriteriaId": "0ACD0B25-C198-413D-A3CD-88FD5EA415AF", "versionEndIncluding": "22.1.63", "versionStartIncluding": "22.1.49", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SysAid - Okta SSO integration - was found vulnerable to XML External Entity Injection vulnerability. Any SysAid environment that uses the Okta SSO integration might be vulnerable. An unauthenticated attacker could exploit the XXE vulnerability by sending a malformed POST request to the identity provider endpoint. An attacker can extract the identity provider endpoint by decoding the SAMLRequest parameter's value and searching for the AssertionConsumerServiceURL parameter's value. It often allows an attacker to view files on the application server filesystem and interact with any back-end or external systems that the application can access. In some situations, an attacker can escalate an XXE attack to compromise the underlying server or other back-end infrastructure by leveraging the XXE vulnerability to perform server-side request forgery (SSRF) attacks."}, {"lang": "es", "value": "SysAid - integraci\u00f3n de Okta SSO - se ha encontrado susceptible a una vulnerabilidad de tipo External Entity Injection. Cualquier entorno de SysAid que utilice la integraci\u00f3n de Okta SSO podr\u00eda ser vulnerable. Un atacante no autenticado podr\u00eda explotar la vulnerabilidad de tipo XXE mediante el env\u00edo de una petici\u00f3n POST malformada al endpoint del proveedor de identidad. Un atacante puede extraer el endpoint del proveedor de identidad al decodificar el valor del par\u00e1metro SAMLRequest y buscando el valor del par\u00e1metro AssertionConsumerServiceURL. A menudo permite a un atacante ver los archivos en el sistema de archivos del servidor de aplicaciones e interactuar con cualquier sistema back-end o externo al que la aplicaci\u00f3n pueda acceder. En algunas situaciones, un atacante puede escalar un ataque de tipo XXE para comprometer el servidor subyacente u otra infraestructura de back-end aprovechando la vulnerabilidad de tipo XXE para llevar a cabo ataques de tipo server-side request forgery (SSRF)"}], "id": "CVE-2022-23170", "lastModified": "2022-07-07T15:19:14.440", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 3.7, "source": "cna@cyber.gov.il", "type": "Secondary"}]}, "published": "2022-06-24T15:15:10.200", "references": [{"source": "cna@cyber.gov.il", "tags": ["Third Party Advisory"], "url": "https://www.gov.il/en/departments/faq/cve_advisories"}], "sourceIdentifier": "cna@cyber.gov.il", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-611"}], "source": "cna@cyber.gov.il", "type": "Secondary"}]}

{}