CVE-2020-35580

high-risk

Published 2021-05-20

A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin's API key and the base64 encoded SHA1 password hashes of other SearchBlox users.

Do I need to act?

83.4% chance of exploitation in next 30 days

EPSS score — higher than 17% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (1)

Searchblox

Affected Vendors

Searchblox

References (4)

Vendor Advisory https://developer.searchblox.com/docs/getting-started-with-searchblox

Exploit https://hateshape.github.io/general/2021/05/11/CVE-2020-35580.html

Vendor Advisory https://developer.searchblox.com/docs/getting-started-with-searchblox

Exploit https://hateshape.github.io/general/2021/05/11/CVE-2020-35580.html

/ 100

high-risk

Severity 26/34 · High

Exploitability 20/34 · Moderate

Exposure 5/34 · Minimal