BAE SOCET GXP Job Status Service Cross-Site Request Forgery Vulnerability
Vulnerability
A cross-site request forgery (CSRF) vulnerability has been identified in BAE SOCET GXP versions prior to 4.6.0.2. The SOCET GXP Job Status Service exposes an HTTP endpoint that lacks CSRF protections, so it acts on any request that reaches it regardless of which site caused the browser to send it. An attacker who social engineers a valid user into clicking a malicious link or visiting an attacker-controlled page can have that user's browser issue requests to the Job Status Service on the attacker's behalf, without the user's awareness. Successful exploitation could allow the attacker to manipulate job information, for example purging job data, aborting jobs, or restarting the Job Status Service.
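The following is an added illustration of the flaw class described above; it is not SOCET GXP code and does not reflect the product's actual endpoints. It contrasts a handler that accepts any request that reaches it (the pattern the advisory describes) with one that applies CSRF controls: no state change on GET, so a link click cannot trigger it, plus browser-set origin headers and a custom request header that a cross-site HTML form cannot add. The endpoint path `/jobs/purge`, the header names used as proof of origin, and `TRUSTED_ORIGIN` are assumptions.

```python
# Added illustration for this advisory; not SOCET GXP code. The endpoint path,
# the headers checked, and TRUSTED_ORIGIN are hypothetical assumptions.
from dataclasses import dataclass, field

TRUSTED_ORIGIN = "http://localhost:8000"  # assumed origin of the legitimate UI
STATE_CHANGING = {"POST", "PUT", "DELETE"}


@dataclass
class Request:
    """Minimal stand-in for an incoming HTTP request."""
    method: str
    path: str
    headers: dict = field(default_factory=dict)


def vulnerable_handler(req: Request) -> str:
    """The pattern the advisory describes: any request reaching the endpoint is
    acted on. A link or hidden form on an attacker's page makes the victim's
    browser send exactly such a request, so the attacker never needs access to
    the service themselves."""
    if req.path == "/jobs/purge":  # hypothetical job-purging endpoint
        return "purged"
    return "ok"


def hardened_handler(req: Request) -> str:
    """Same endpoint with CSRF controls layered on:
    1. no state change on GET, so a plain link click cannot trigger it;
    2. state-changing requests must be same-site according to the browser-set
       Origin / Sec-Fetch-Site headers and must carry a custom header, which a
       cross-site HTML form cannot set."""
    if req.method not in STATE_CHANGING:
        return "read-only"
    origin = req.headers.get("Origin")
    fetch_site = req.headers.get("Sec-Fetch-Site")
    if origin is not None and origin != TRUSTED_ORIGIN:
        return "rejected: foreign origin"
    if fetch_site is not None and fetch_site not in ("same-origin", "same-site"):
        return "rejected: cross-site fetch"
    if req.headers.get("X-Requested-With") != "XMLHttpRequest":
        return "rejected: missing custom header"
    if req.path == "/jobs/purge":
        return "purged"
    return "ok"


# Constructed sample requests, shaped the way a browser would send them.
FORGED_LINK = Request("GET", "/jobs/purge", {"Sec-Fetch-Site": "cross-site"})
FORGED_FORM = Request("POST", "/jobs/purge",
                      {"Origin": "https://attacker.example",
                       "Sec-Fetch-Site": "cross-site"})
LEGIT = Request("POST", "/jobs/purge",
                {"Origin": TRUSTED_ORIGIN, "Sec-Fetch-Site": "same-origin",
                 "X-Requested-With": "XMLHttpRequest"})

if __name__ == "__main__":
    for name, req in [("forged link", FORGED_LINK),
                      ("forged form", FORGED_FORM),
                      ("legitimate", LEGIT)]:
        print(f"{name:12} vulnerable={vulnerable_handler(req)!r:10} "
              f"hardened={hardened_handler(req)!r}")
```

The two forged requests succeed against the unprotected handler and are refused by the hardened one, while the legitimate same-origin request still goes through. Both checks matter: an Origin check alone is defeated when a client omits the header, and a custom-header requirement alone relies on the service not honouring simple form posts.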
Impact
Exploitation of this vulnerability could result in unauthorized actions being performed on the server, such as modifying or deleting job information, without the user's knowledge.
Remediation
Users are advised to update to SOCET GXP version 4.6.0.2 or later; that version disables network access for the GXP Job Status Service by default, which removes the HTTP endpoint that the forged requests target. Those unable to update immediately can disable the Job Status Service HTTP endpoint manually by modifying the 'js-config.xml' file in the SOCET GXP installation directory and then restarting the application; after the restart, confirm that the endpoint is no longer reachable from a browser. As a general precaution, users should exercise caution when clicking links from untrusted sources.