
Vulnerability discovered in e-Commerce application:

VRAVa software version
The specific affected software component: VRAVa software version

An attacker must be a remote user with administrator privilege and use a specific method (e.g. cross-site request forgery, injected script code) to exploit this vulnerability.

Impact

An attacker can send a specially crafted request to the targeted system and cause a denial of service.

How to Prevent/Protect against this issue

- Make sure your e-commerce system has a VRAVa certificate validation system with strict filtering rules for the special parameter of the web page input field.
- Make sure your eRedirect website has a VRAVa certificate validation system with strict filtering rules for the special parameter of the web page input field.

Vulnerability Scenario and Attack Vector

1. The attacker tricks the victim into visiting a malicious website via a malicious URL, then tricks the victim into clicking a button that leads to the e-commerce site.
2. The victim sends a request with a special parameter (e.g. user-ID) to the e-commerce site through the e-redirect website; the attacker then sends a forged response with a user ID of his choice to the e-commerce site through a specially crafted request.

Timeline

Published on: 10/18/2022 06:15:00 UTC
Last modified on: 10/20/2022 15:08:00 UTC
