According to an advisory published by the Computer Emergency Response Team’s Coordination Center (CERT/CC), the enterprise solution is vulnerable to reflected XSS attacks when the dynamic navigation feature is enabled.
The security hole has been fixed with the release of versions 7.2.0.G.114 and 7.0.14.G.216. Customers can download the updates from Google’s Enterprise Support Portal.
As a workaround, users can disable the dynamic navigation feature. Instructions on how to do so are available on the GSA support page.
Will Dormann, a vulnerability analyst with the CERT/CC, reported the existence of the issue to Google on March 20, 2014. The advisory on the Google Search Appliance XSS vulnerability was made public on May 1, 2014.