BAE SOCET GXP Unauthenticated Access Vulnerability in Job Status Service
Vulnerability
A vulnerability exists in BAE SOCET GXP versions prior to 4.6.0.2: the Job Status Service processes requests without requiring authentication. This allows remote or local users to abort jobs or read job information without the job owner's permission, so unauthorized users can manipulate job statuses or access sensitive information.
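To illustrate the flaw described above, the following hypothetical Python model (added here; it is not SOCET GXP code, whose internals are not on this page) contrasts a job status service that processes requests without checking who sent them against one that requires an authenticated identity and enforces job ownership, recording denied requests in an audit trail. The job records, user names and job details are constructed sample data.

```python
"""Model of a job status service with and without request authentication.
Hypothetical example, not SOCET GXP's implementation; all data is constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Job:
    job_id: str
    owner: str
    status: str = "running"
    detail: str = ""


class AuthenticationRequired(Exception):
    """Raised when a request carries no authenticated identity."""


@dataclass
class UnauthenticatedJobStatusService:
    """Models the flaw: requests are handled without checking who sent them."""
    jobs: Dict[str, Job] = field(default_factory=dict)

    def get_status(self, job_id: str, requester: Optional[str] = None) -> dict:
        job = self.jobs[job_id]  # no identity check: anyone learns owner and details
        return {"owner": job.owner, "status": job.status, "detail": job.detail}

    def abort(self, job_id: str, requester: Optional[str] = None) -> str:
        job = self.jobs[job_id]  # no identity or ownership check: anyone aborts any job
        job.status = "aborted"
        return job.status


@dataclass
class AuthenticatedJobStatusService:
    """Hardened model: every request needs an authenticated identity, and only
    the job owner may read or abort a job. Denials are logged for detection."""
    jobs: Dict[str, Job] = field(default_factory=dict)
    audit_log: List[str] = field(default_factory=list)

    def _authorize(self, job_id: str, requester: Optional[str], action: str) -> Job:
        if not requester:
            self.audit_log.append(f"DENY {action} {job_id}: unauthenticated request")
            raise AuthenticationRequired(f"{action} {job_id} requires authentication")
        job = self.jobs[job_id]
        if job.owner != requester:
            self.audit_log.append(f"DENY {action} {job_id}: {requester} is not the owner")
            raise PermissionError(f"{requester} may not {action} job {job_id}")
        self.audit_log.append(f"ALLOW {action} {job_id} by {requester}")
        return job

    def get_status(self, job_id: str, requester: Optional[str] = None) -> dict:
        job = self._authorize(job_id, requester, "status")
        return {"owner": job.owner, "status": job.status, "detail": job.detail}

    def abort(self, job_id: str, requester: Optional[str] = None) -> str:
        job = self._authorize(job_id, requester, "abort")
        job.status = "aborted"
        return job.status


def sample_jobs() -> Dict[str, Job]:
    """Constructed sample data: two jobs owned by different users."""
    return {
        "job-1": Job("job-1", "alice", detail="terrain extraction, tile 42"),
        "job-2": Job("job-2", "bob", detail="orthorectification batch"),
    }


def demonstrate() -> dict:
    """Send the same requests to both models and report what each allowed."""
    vulnerable = UnauthenticatedJobStatusService(sample_jobs())
    hardened = AuthenticatedJobStatusService(sample_jobs())
    outcome = {}
    # Unauthenticated model: an anonymous caller aborts alice's job, and a
    # different user reads bob's job details.
    outcome["vuln_anon_abort"] = vulnerable.abort("job-1")
    outcome["vuln_other_user_reads"] = vulnerable.get_status("job-2", "mallory")["detail"]
    # Hardened model: the same requests are rejected and the job is untouched.
    try:
        hardened.abort("job-1")
        outcome["hard_anon_abort"] = "allowed"
    except AuthenticationRequired:
        outcome["hard_anon_abort"] = "rejected: unauthenticated"
    try:
        hardened.get_status("job-2", "mallory")
        outcome["hard_other_user_reads"] = "allowed"
    except PermissionError:
        outcome["hard_other_user_reads"] = "rejected: not owner"
    outcome["hard_job1_status"] = hardened.jobs["job-1"].status
    outcome["hard_owner_abort"] = hardened.abort("job-1", "alice")  # owner still can
    outcome["audit_entries"] = len(hardened.audit_log)
    return outcome


if __name__ == "__main__":
    for key, value in demonstrate().items():
        print(f"{key}: {value}")
```

The hardened model makes two separate decisions that the unauthenticated one skips: it first requires an identity at all, then checks that identity against the job's owner. Logging each denial gives defenders a signal to alert on while the patched version or the configuration workaround is rolled out.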
Impact
Exploitation of this vulnerability could lead to unauthorized job status manipulation and information access through the GXP Job Status Service.
Remediation
Users are advised to update to SOCET GXP version 4.6.0.2 or later. If an immediate update is not possible, the GXP Job Status Service can be disabled by changing the HTTP_SERVER setting in the GXP Job Service configuration file, then restarting SOCET GXP. This vulnerability is also addressed in SOCET GXP version 4.6.0.3, which removes the Job Status Service entirely.
