LabKey.Server.visualization-export.Information.Disclosure
Description
This indicates an attack attempt against an Information Disclosure vulnerability in LabKey Server.
The vulnerabilities is due to an error in the application when handling a crafted svg or xml file. A remote attacker can exploit this by injecting an XXE payload to gain unauthorized access to sensitive information.
Affected Products
LabKey Server 19.1.0
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Currently, we are unaware of any vendor-supplied patch or updates available for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |