searchblox 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は パス処理の欠陥、vendor risk csrf, and vendor risk xxe に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で vendor impact session compromise and ファイル上書き などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2020-10132 | SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration. | [email protected] | 6.1 | 5.03% | 2023-09-06 | 2024-11-21 |
| CVE-2020-10131 | SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter. | [email protected] | 9.8 | 9.92% | 2023-09-06 | 2024-11-21 |
| CVE-2020-10130 | SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system. | [email protected] | 8.8 | 0.15% | 2023-09-06 | 2024-11-21 |
| CVE-2020-10129 | SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation-Lower user is able to access Admin functionality. | [email protected] | 8.8 | 0.17% | 2023-09-06 | 2024-11-21 |
| CVE-2020-10128 | SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. In SearchBlox products multiple parameters are not sanitized/validate properly which allows an attacker to inject malicious JavaScript. | [email protected] | 5.4 | 0.26% | 2023-09-05 | 2024-11-21 |
| CVE-2020-35580 | A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin's API key and the base64 encoded SHA1 password hashes of other SearchBlox users. | [email protected] | 7.5 | 83.42% | 2021-05-20 | 2024-11-21 |
| CVE-2018-11586 | XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | [email protected] | 9.8 | 32.61% | 2018-06-05 | 2024-11-21 |
| CVE-2018-11538 | servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass. | [email protected] | 8.8 | 0.10% | 2018-06-01 | 2024-11-21 |
| CVE-2015-7919 | SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors. | [email protected] | 10.0 | 1.83% | 2015-12-21 | 2026-05-06 |
| CVE-2015-3422 | Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 allows remote attackers to inject arbitrary web script or HTML via the menu2 parameter to admin/main.jsp. | [email protected] | 4.3 | 0.26% | 2015-06-18 | 2026-05-06 |
| CVE-2015-0970 | Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users. | [email protected] | 8.8 | 0.22% | 2015-04-18 | 2026-05-06 |
| CVE-2015-0969 | SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI. | [email protected] | 5.0 | 1.21% | 2015-04-18 | 2026-05-06 |
| CVE-2015-0968 | Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the image/jpeg content type, a different vulnerability than CVE-2013-3590. | [email protected] | 7.5 | 1.92% | 2015-04-18 | 2026-05-06 |
| CVE-2015-0967 | Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp. | [email protected] | 4.3 | 1.07% | 2015-04-18 | 2026-05-06 |
| CVE-2013-3598 | Directory traversal vulnerability in servlet/CreateTemplateServlet in SearchBlox before 7.5 build 1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the name parameter. | [email protected] | 5.0 | 0.94% | 2013-08-28 | 2026-04-29 |
| CVE-2013-3597 | servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action. | [email protected] | 5.0 | 38.40% | 2013-08-28 | 2026-04-29 |
| CVE-2013-3590 | Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file. | [email protected] | 6.8 | 3.76% | 2013-08-28 | 2026-04-29 |