Security Advisory 2019-01

Summary

Possible user impersonation in Stages when SAML authentication is enabled

Release Date

2019-10-11

Severity

Medium (according to NVD definition; CVSS score: 4.6)

Affected Versions

  • 7.3.0.0 to 7.3.5.0
  • 7.2.0.0 to 7.2.1.3
  • 6.7.4.2 to 6.7.8.0

Previous minor and major versions, e.g. 7.1.x.y, 7.0.x.y, 6.6.x.y, 6.5.x.y, or 5.x.y.z are not affected.

Only installations that have enabled SAML authentication are vulnerable.

To find out which Stages version you are running, log in as “root” and click on the “Info” icon (6.x) or “Administration” menu (7.x).

Description

During internal testing, we discovered a security vulnerability in the Stages login procedure that can result in users being able to impersonate another Stages user. Any Stages system accounts, e.g. “root” and “default” are not affected. Direct access to server resources cannot be gained. The vulnerability can only be exploited when SAML authentication is enabled on the server. If SAML authentication is not enabled, the system is not vulnerable.

As the vulnerability is only known within UL Solutions Software Intensive Systems (SIS), active exploitation is very improbable. None of the systems analyzed by SIS including all Stages Cloud instances showed any evidence of unauthorized usage. Please contact us for further information how to analyze if your system has been impacted.

If you see indications of unauthorized usage, please contact security-alerts@ul.com immediately.

Resolution