[Japanese]

JVNDB-2018-000055

Multiple vulnerabilities in baserCMS

Overview

baserCMS provided by baserCMS Users Community is an opensource content management system. baserCMS contains multiple vulnerabilities listed below.

*Command injection (CWE-94) - CVE-2018-0569
*Cross-site scripting (CWE-79) - CVE-2018-0570
*Unrestricted Upload of File with Dangerous Type in upload file management function (CWE-434) - CVE-2018-0571
*Restrict access permissions failure in contents management function (CWE-264) - CVE-2018-0572
*Restrict access permissions failture for a content with a period being public is expired (CWE-264) - CVE-2018-0573
*Cross-site scripting in theme management function (CWE-79) - CVE-2018-0574
*Restrict access permissions failure in the function to attach files in mail form (CWE-264) - CVE-2018-0575

Following researchers reported respective vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning partnership.

CVE-2018-0569, CVE-2018-0570, CVE-2018-0571, CVE-2018-0572, and CVE-2018-0573
Toshitsugu Yoneyama and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.

CVE-2018-0574 and CVE-2018-0575
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.

CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 6.3 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: Low
CVSS V2 Severity:
Base Metrics 6.5 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single Instance
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2018-0569


CVSS V3 Severity:
Base Metrics: 5.4 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics: 3.5 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: Single
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2018-0570


CVSS V3 Severity:
Base Metrics: 4.3 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics: 4.0 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2018-0571


CVSS V3 Severity:
Base Metrics: 4.3 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics: 4.0 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2018-0572


CVSS V3 Severity:
Base Metrics: 5.3 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics: 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2018-0573


CVSS V3 Severity:
Base Metrics: 6.1 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics: 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2018-0574


CVSS V3 Severity:
Base Metrics: 5.3 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics: 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2018-0575
Affected Products


baserCMS Users Community
  • baserCMS 4.1.0.1 and earlier versions
  • baserCMS 3.0.15 and earlier versions

Impact

*A remote attacker may execute arbitrary code with the operation manager privilege - CVE-2018-0569
*An attacker who can log in to the product as a site operator privilege may execute arbitrary OS commands - CVE-2018-0570
*An attacker who can log in to the product as a site operator privilege may upload arbitrary files - CVE-2018-0571
*An attacker who can log in to the product as a site operator privilege may view or alter a restricted content - CVE-2018-0572
*A remote attacker may view a file which is uploaded by a site user - CVE-2018-0573
*An arbitrary script may be executed on the user's web browser where the user accesses the theme management function - CVE-2018-0574
*A remote attacker may view a file which is uploaded by a site user. - CVE-2018-0575
Solution

Solution for CVE-2018-0570, CVE-2018-0571, CVE-2018-0573, CVE-2018-0574, and CVE-2018-0575:
[Update the software]
Update to the latest version according to the information provided by the developer.
According to the developer, CVE-2018-0573 and CVE-2018-0575 vulnerabilities do not exist if the product has been successfully installed. Those 2 vulnerabilities exist only in the situation where the installation of the product failed with issues such as access restrictions, etc.

Solution for CVE-2018-0569:
[Update the software and then configure a user authentication properly]
Update the software first, and then set a user authentication enabled/disabled. If a user authentication is enabled, a system administrator's privilege is required to save a script in an article.
The developer states that all authentications besides a system administrator's authentication becomes disabled, and then setting respective authentications enabled/disabled appropriately becomes possible after updating the software to the latest version.
All users authentications are enabled if installing the software for the first time using the latest installer.

Solution for CVE-2018-0572:
[Apply a Workaround]
When restricting access control using contents management function, be sure to register all URLs of the pages that need to be accessed.
For more information, refer to the developer's website.
Vendor Information

baserCMS Users Community
CWE (What is CWE?)

  1. Permissions(CWE-264) [IPA Evaluation]
  2. Cross-site Scripting(CWE-79) [IPA Evaluation]
  3. Code Injection(CWE-94) [IPA Evaluation]
  4. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2018-0569
  2. CVE-2018-0570
  3. CVE-2018-0571
  4. CVE-2018-0572
  5. CVE-2018-0573
  6. CVE-2018-0574
  7. CVE-2018-0575
References

  1. JVN : JVN#67881316
Revision History

  • [2018/05/22]
      Web page was published