OTPulse

SearchBlox File Exfiltration Vulnerability

Act Now | CVSS 10 | ICS-CERT ICSA-15-337-01 | Sep 5, 2015
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

SearchBlox version 8.3 contains an information disclosure vulnerability (CWE-200) that allows unauthorized file access and exfiltration. The vulnerability has a CVSS score of 10.0 with a network attack vector, requiring no authentication or user interaction.

What this means
What could happen
An attacker could access and download sensitive files from a SearchBlox system without authentication, potentially exposing configuration data, credentials, or operational documents stored on the affected server.
Who's at risk
Organizations running SearchBlox 8.3 for document indexing or content management should prioritize this vulnerability. IT departments using SearchBlox for storing configuration or operational documentation are at particular risk if the system is reachable from untrusted networks.
How it could be exploited
An attacker on the network sends unauthenticated requests to the SearchBlox web interface to access file endpoints, retrieving sensitive files directly without requiring credentials or administrator interaction.
Prerequisites
  • Network access to SearchBlox web interface (default port 8080 or configured port)
  • SearchBlox version 8.3 running and accessible
remotely exploitable, no authentication required, low complexity, high CVSS score (10.0), no patch available
Exploitability
Moderate exploit probability (EPSS 1.3%)
Affected products (1)
Product | Affected Versions | Fix Status
SearchBlox: 8.3 | 8.3 | No fix (EOL)
Remediation & Mitigation
Do now
  • WORKAROUND: Disable or isolate SearchBlox service until vendor provides a patched version or approved workaround
  • HARDENING: Restrict network access to SearchBlox to authorized administrative networks only using firewall rules
Mitigations - no patch available
SearchBlox: 8.3 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
  • HARDENING: Monitor SearchBlox access logs for unauthorized file requests or suspicious activity patterns