Krajowa Izba Rozliczeniowa SzafirHost Improper Validation of Integrity Check Value Vulnerability

A vulnerability exists in SzafirHost, a component of the Szafir SDK Web application, all versions prior to 1.1.0. The issue arises because SzafirHost fails to properly verify the integrity of uploaded dynamic link library files, such as DLL, SO, JNILIB, or DYLIB. While JAR files are validated against a list of trusted hashes or checked for a digital signature from the vendor, this same level of scrutiny is not applied to the aforementioned file types. As a result, an attacker can upload a malicious file that is saved in the user's temporary folder and executed by the application.

Impact

Exploitation of this vulnerability allows for the execution of malicious files, potentially leading to unauthorized actions or damage on the user's system.

Remediation

Users can update to SzafirHost version 1.1.0 or later to address this vulnerability.