Quest Policy Authority 8.1.2.200 is affected by a Reflected XSS vulnerability that allows remote attackers to inject malicious code into the browser. This vulnerability impacts products that are no longer supported by the maintainer.
Understanding CVE-2020-35723
This CVE involves a Reflected XSS vulnerability in Quest Policy Authority 8.1.2.200, enabling attackers to execute malicious code through a crafted link.
What is CVE-2020-35723?
The vulnerability allows remote attackers to inject malicious code into the browser via a specially crafted link to the ReportPreview.do file using the referer parameter. It affects products that are no longer supported by the maintainer.
The Impact of CVE-2020-35723
Technical Details of CVE-2020-35723
This section provides technical details about the vulnerability.
Vulnerability Description
The vulnerability is a Reflected XSS issue in Quest Policy Authority 8.1.2.200, allowing remote attackers to inject malicious code via a crafted link.
Affected Systems and Versions
Exploitation Mechanism
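Attackers can exploit this vulnerability by sending a victim a specially crafted link to the ReportPreview.do file in which the referer parameter carries the injected code. Because the issue is a reflected XSS, the code comes back in the application's response and runs in the browser of whoever follows the link.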
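Because the affected product is no longer supported by the maintainer, reviewing web server logs for such links is one of the checks still available. The following is an added example, not part of the original advisory or the vendor's code: it flags requests to ReportPreview.do whose referer query parameter contains markup. The combined log format, the /app/ path prefix, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: Apache/NGINX "combined" access log format.
REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')
# Markup characters and script URLs have no place in a legitimate referer value.
MARKUP_RE = re.compile(r'[<>"\']|javascript:', re.IGNORECASE)

def suspicious_referer_values(line):
    """Return referer values from a ReportPreview.do request that contain markup."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    # Drop a ";jsessionid=..." path parameter before comparing the file name.
    path = parts.path.split(";", 1)[0]
    if not path.lower().endswith("/reportpreview.do"):
        return []
    hits = []
    # parse_qsl percent-decodes once; unquote() again catches double encoding.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() != "referer":
            continue
        if MARKUP_RE.search(value) or MARKUP_RE.search(unquote(value)):
            hits.append(value)
    return hits

def scan(lines):
    """Return (client address, suspicious values) for every flagged log line."""
    findings = []
    for line in lines:
        values = suspicious_referer_values(line)
        if values:
            findings.append((line.split(" ", 1)[0], values))
    return findings

# Constructed sample lines (documentation address ranges, harmless <b> markup).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jan/2021:10:01:02 +0000] "GET /app/ReportPreview.do?referer=%2Fapp%2FReports.do HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Jan/2021:10:05:40 +0000] "GET /app/ReportPreview.do?referer=%3Cb%3E HTTP/1.1" 200 5188 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Jan/2021:10:06:11 +0000] "GET /app/ReportPreview.do;jsessionid=ABC?Referer=%253Cb%253E HTTP/1.1" 200 5190 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Jan/2021:10:07:00 +0000] "GET /app/Login.do?x=%3Cb%3E HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, values in scan(SAMPLE_LOG):
        print(client, values)
```

Only query-string values are visible to this check; a referer parameter sent in a POST body does not appear in an access log.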
Mitigation and Prevention
Protect your systems from CVE-2020-35723 with these mitigation strategies.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates