BAE SOCET GXP Information Disclosure Vulnerability in Job Status Service
Vulnerability
A vulnerability in BAE SOCET GXP versions prior to 4.6.0.2 allows the Job Status Service to unintentionally expose sensitive information. In certain situations, the service may reveal local file paths and SOCET GXP version details. This issue arises when the service is configured to accept non-local traffic, potentially enabling an attacker to access this information remotely.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive system information, including configuration details, log files, and service version data. Such information could be leveraged to facilitate further attacks.
Remediation
Users are advised to update to SOCET GXP version 4.6.0.2 or later. If an immediate update is not possible, the Job Status Service HTTP endpoint can be disabled manually by editing the service configuration file and restarting SOCET GXP; this removes the remotely reachable endpoint until the update can be applied. This vulnerability affects SOCET GXP versions 4.6.0.1 and earlier.
