Vulnerability Description
Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can write JSP webshells to the web root and execute them through the web server to achieve arbitrary OS command execution with web server privileges. Exploitation evidence was first observed by the Shadowserver Foundation on 2021-03-26 (UTC).
Related Weaknesses (CWE)
References
- https://sourceforge.net/software/product/A8/
- https://static-aliyun-doc.oss-cn-hangzhou.aliyuncs.com/download/pdf/90916/Securi
- https://web.archive.org/web/20190821034711/http://wyb0.com/posts/2019/seeyon-htm
- https://wiki.96.mk/Web%E5%AE%89%E5%85%A8/%E8%87%B4%E8%BF%9Coa/%E8%87%B4%E8%BF%9C
- https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=31
- https://www.fortiguard.com/encyclopedia/ips/48874/seeyon-office-anywhere-htmloff
- https://www.vulncheck.com/advisories/seeyon-office-anywhere-oa-a8-unauthenticate
FAQ
What is CVE-2019-25714?
CVE-2019-25714 is a documented vulnerability. Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root ...
How severe is CVE-2019-25714?
CVSS scoring is not yet available for CVE-2019-25714. Check NVD for updates.
Is there a patch for CVE-2019-25714?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.