Securden Unified PAM Unauthenticated Unrestricted File Upload Vulnerability
Vulnerability
An unauthenticated, unrestricted file upload vulnerability has been identified in Securden Unified PAM versions 9.0.x through 11.3.1. An upload endpoint accepts files of any type from unauthenticated callers and lets the caller choose both the file name and the destination path, so an attacker can place malicious scripts or binaries on the server and overwrite existing files.
Impact
An attacker who can reach the web interface, with no credentials, can write attacker-controlled content to arbitrary locations on the server. Because the writable locations include scripts that the application itself executes (see Reproduction), this amounts to remote code execution in the context of the Securden service once the overwritten script is run.
Reproduction
The vulnerability can be reproduced by sending an unauthenticated request to the '/accountapp/upload_web_recordings_from_api_server' endpoint. The request's 'file_name' and 'relative_path' parameters set the name and directory of the stored file, and neither is validated: path traversal sequences in these values are honoured, so the upload can be written outside the intended recordings directory and can overwrite existing files. One target is 'postgresBackup.bat', a script the application runs during database backups; replacing it yields code execution the next time a backup is performed. Note that this is a Windows batch file, so that particular chain applies to Windows installations, and execution is deferred until the backup runs.
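To make the root cause concrete, the following is an added example and not Securden's code: it contrasts a naive join of the caller-supplied 'relative_path' and 'file_name' (the pattern that permits traversal) with a resolver that rejects traversal sequences, absolute paths and disallowed file types, and then confirms containment on the fully resolved path. The function names, the upload directory and the extension allowlist are assumptions for illustration.

```python
"""Illustrative upload-path handling for a recordings upload endpoint.

Example code written for this page; it is not Securden's implementation.
Function names, the base directory and the allowlist are assumed.
"""
from pathlib import Path, PurePosixPath

# Assumed allowlist of file types a session-recording upload should accept.
ALLOWED_SUFFIXES = {".webm", ".mp4", ".json"}


def resolve_upload_path_vulnerable(base_dir: str, relative_path: str, file_name: str) -> Path:
    """Naive join of caller-controlled path parts.

    Any '..' component in relative_path or file_name walks out of base_dir,
    so a file such as a backup script can be overwritten.
    """
    return Path(base_dir) / relative_path / file_name


def escapes_base(base_dir: str, candidate: Path) -> bool:
    """True if candidate, after normalisation and symlink resolution, lies outside base_dir."""
    base = Path(base_dir).resolve()
    target = Path(candidate).resolve()
    return target != base and base not in target.parents


def validate_upload(base_dir: str, relative_path: str, file_name: str):
    """Hardened resolver. Returns (True, final_path) or (False, reason).

    Checks, in order: file_name is a bare name, its extension is allowlisted,
    relative_path is relative and has no '..' component, and the resolved
    target is still inside base_dir (catches symlinks and odd separators).
    """
    if file_name in ("", ".", "..") or any(sep in file_name for sep in ("/", "\\", "\x00")):
        return False, "file_name must be a bare file name"
    if Path(file_name).suffix.lower() not in ALLOWED_SUFFIXES:
        return False, f"file type {Path(file_name).suffix!r} not allowed"

    # Normalise Windows separators so a backslash traversal is not missed on POSIX.
    rel = PurePosixPath(relative_path.replace("\\", "/"))
    if rel.is_absolute() or "\x00" in relative_path:
        return False, "relative_path must be relative"
    if any(part == ".." for part in rel.parts):
        return False, "relative_path contains a '..' component"

    base = Path(base_dir).resolve()
    target = base.joinpath(*rel.parts, file_name).resolve()
    if escapes_base(base_dir, target):
        return False, "resolved path escapes the upload directory"
    return True, str(target)


if __name__ == "__main__":
    # Constructed inputs: a benign upload and a traversal attempt aimed at a backup script.
    for rel, name in (("2024/06", "session1.webm"), ("../../bin", "postgresBackup.bat")):
        naive = resolve_upload_path_vulnerable("/srv/pam/recordings", rel, name)
        print(f"naive join -> {naive} (escapes: {escapes_base('/srv/pam/recordings', naive)})")
        print(f"hardened   -> {validate_upload('/srv/pam/recordings', rel, name)}")
```

The containment check is done on the resolved path rather than on the raw string because string filters alone miss encoded separators, backslashes on POSIX and symlinks inside the upload tree; the extension allowlist is a second, independent control so that even a contained write cannot drop an executable script.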
Remediation
Users are advised to update Securden Unified PAM to version 11.4.4 or later, where the upload endpoint requires authentication and validates the destination path. Until the upgrade is applied, restrict network access to the web interface, and because the endpoint may already have been abused, check 'postgresBackup.bat' and the web-recording storage location for unexpected modifications or files.
