ELBA Multiple Security Vulnerabilities

Bugtraq ID:	52082
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	Feb 20 2012 12:00AM
Updated:	Feb 20 2012 12:00AM
Credit:	Povilas Tumenas, SEC Consult Vulnerability Lab
Vulnerable:	RACON Software GmbH Linz ELBA 5.5 RACON Software GmbH Linz ELBA 5.4.1
Not Vulnerable:

ELBA Multiple Security Vulnerabilities

ELBA is prone to multiple security vulnerabilities because it fails to properly sanitize user-supplied input. These vulnerabilities include an SQL-injection vulnerability, a denial-of service vulnerability, and an information-disclosure vulnerability.

An attacker can exploit these vulnerabilities to disclose sensitive information, exploit latent vulnerabilities in the underlying database, or deny service to legitimate users. Other attacks are also possible.

ELBA versions 5.4.1 and 5.5.0 are vulnerable; other versions may also be affected.

ELBA Multiple Security Vulnerabilities

Attackers can exploit these issues via readily available tools.

ELBA Multiple Security Vulnerabilities

Solution:
Reportedly, the vendor has partially fixed the issues. Please contact the vendor for more information.

ELBA Multiple Security Vulnerabilities

References:

• ELBA Homepage (RACON Software GmbH Linz)
  
• Multiple Vulnerabilities in ELBA5 (SEC Consult Vulnerability Lab)