Solutionary ID: SERT-VDN-1005
Risk Rating: Low
CVE ID: CVE-2011-3686, CVE-2011-3687
Product: Sonexis ConferenceManager
Application Vendor: Sonexis
Vendor URL: http://www.sonexis.com/products/index.asp
Date discovered: 1/27/2011
Discovered by: Rob Kraus and Solutionary Engineering Research Team (SERT)
Vendor notification date: 2/18/2011
Vendor response date: 3/02/2011
Vendor acknowledgment date: 3/02/2011
Public disclosure date: 4/06/2011
Type of vulnerability: Cross Site Scripting (XSS) - Stored and Reflected
Exploit Vectors: Local and Remote
Tested on: Windows Server 2003 RC2 (SP2) with Sonexis ConferenceManager versions 18.104.22.168 and 22.214.171.124
Affected software versions: Sonexis ConferenceManager versions 126.96.36.199 (Reflected XSS) and 188.8.131.52 (Stored XSS) (previous versions may also be vulnerable)
Impact: Successful attacks could disclose sensitive information about the user, session, and application to the attacker, resulting in a loss of confidentiality. Using XSS, an attacker could insert malicious code into a web page and entice naïve users to execute the malicious code.
Fixed in: Reflected XSS vulnerabilities appear to have been fixed during our testing of version 184.108.40.206. Please consult the vendor for the specific patch addressing the reflected XSS items discovered.
Remediation guidelines: Restrict access to internal network segments and monitor vendor notifications for application updates that may address and fix the issues identified.