Shafeeque Olassery Kunnikkal

Home

Author Archives: Shafeeque Olassery Kunnikkal

CVE-2018-1528 – IBM Maximo Asset Management could allow an authenticated user to obtain sensitive information from the WhoAmI API
March 24, 2025 12:23 am Leave a Comment
Reported this vulnerability while doing a penetration testing of IBM Maximo Asset Management software

Summary

IBM Maximo Asset Management could allow an authenticated user to obtain sensitive information from the WhoAmI API.

This vulnerability affects the following versions of the IBM Maximo Asset Management core product, and all other IBM Maximo Industry Solution and IBM Control Desk products, regardless of their own version, if they are currently installed on top of an affected IBM Maximo Asset Management. *

Maximo Asset Management core product affected versions:
Maximo Asset Management 7.6

Industry Solutions products affected if using an affected core version:
Maximo for Aviation
Maximo for Government
Maximo for Life Sciences
Maximo for Nuclear Power
Maximo for Oil and Gas
Maximo for Transportation
Maximo for Utilities

IBM Control Desk products affected if using an affected core version:
SmartCloud Control Desk
IBM Control Desk
Tivoli Integration Composer

* To determine the core product version, log in and view System Information. The core product version is the “Tivoli’s process automation engine” version. Please consult the Product Coexistence Matrix for a list of supported product combinations.

More details is available here :- https://www.ibm.com/support/pages/security-bulletin-ibm-maximo-asset-management-could-allow-authenticated-user-obtain-sensitive-information-whoami-api-cve-2018-1528
CVE-2018-5798 – Cross-site scripting vulnerability in Cloudera Manager – Part 2
March 23, 2025 8:50 am Leave a Comment
Below is the details of the reflected XSS , I have found in Cloudera Enterprise. More details can be found here :- https://www.cloudera.com/documentation/other/securitybulletins/topics/Security-Bulletin.html#DOCS-3186

Login to Cloudera manager using credentials
admin:admin

1. Navigate the following URL which includes the XSS Payload.

2. Navigate the following URL in browser after login to Cloudera Manager, use these credentials for login:- admin:admin

http://localhost:7180/cmf/config2/dialog?metadataUrl=%2fcmf%2fclusters%2f1%2fsearchConfig%2fmetadata.json%3fserviceDep%3dtrue%26q%3dspark_on_yarn%3C%2fscript%3E%3Cscript%3Ealert%28%27reflected%20xss%27%29%3C%2fscript%3E

Will see the XSS payload executed as shown in the image below.
CVE-2018-5798 – Cross-site scripting vulnerability in Cloudera Manager – Part 1
7:54 am Leave a Comment
Below is the details of the reflected XSS , I have found in Cloudera Enterprise. There were multiple XSS was reported and will be publishing this details in subsequent posts. More details can be found here :-

https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#DOCS-3186

Login to Cloudera manager using credentials
admin:admin or cloudera:cloudera

We need to intercept the HTTP traffic so launch Burps suite. Set the proxy in browser 127.0.0.1, port 8080

Click on add services against the cluster in Cloudera Manager, select any service, Let me choose the service as flume.

Click continue, the traffic will be intercepted in browser.
Click forward of the proxy traffic tab in the burp till you get the request as shown in the image.

Now we want to inject the XSS payload in the parameter ‘ServiceType’ as shown in the following image.

Switch of the interception in burp and come back to the browser. Will see the XSS payload executed as shown in the below image.

The vulnerability can be reproduced by accessing the following URL

directly.http://localhost:7180/cmf/clusters/1/add-service/index?serviceType=

Please note you have to log in to the Cloudera Manager with above mentioned credentials. Replace the IP of the Cloudera Manager instead of localhost if you are accessing remotely.