Vulnerabilities

The following is a list of vulnerabilities identified in TARGIT:


Path traversal attack

Reported on the 25th of April 2025 and not registered under NVD.

Multiple vulnerabilities allowed authenticated users to manipulate files and folders, including unauthorized access, creation, and deletion. 

Affected versions: The vulnerability affects the TARGIT Server in build 25.03.19002 (TARGIT Decision Suite - 2025 March) or older.

Mitigation: The vulnerability has been closed in build 25.05.27002 (TARGIT Decision Suite 2025 – June) and future builds.


Folders and files may be fetched from the server running the data gateway client

Reported on the 7th of October 2024 and not registered under NVD.

A vulnerability exists in the gateway client where specific configurations within the connection string may result in unintended access to server files and folders. The vulnerability may only be exploited through Data Discovery or ETL Studio.

Affected versions: The vulnerability affects the data gateway client in build 649 or older.

Mitigation: The vulnerability has been closed in the data gateway client build 650 and future builds, available from the 24th of October 2024. Remember to upgrade to the newest version from the cloud control panel.


XML parser allows load of external entities (XXE attack)

Reported on the 12th of August 2024 and not registered under NVD.

The XML parser in TARGIT may be used to inject malicious content into an XML file to gain unauthorized access to files and resources on the server or to perform denial-of-service (DoS) attacks.

Affected versions: The vulnerability affects TARGIT Anywhere in build 24.06.19002 (TARGIT Decision Suite 2024 June) or older.

Mitigation: The vulnerability has been closed in build 24.09.03003 (TARGIT Decision Suite 2024 – September) and future builds.


Fetching files from outside the VFS folder

Reported on the 23rd of May 2024 and registered under NVD as CVE-2024-36427.

By prepending the VFS path with //, it is possible to request other files from the server outside the VFS.

Affected versions: The vulnerability affects the TARGIT Server in build 24.05.03003 (TARGIT Decision Suite 2024 April) or older.

Mitigation: The vulnerability has been closed in build 24.06.19002 (TARGIT Decision Suite 2024 – June) and future builds.
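As an added illustration (this is not TARGIT's code; the root path, file names and function names are constructed), the snippet below shows why a "//"-prefixed request escapes a naively joined VFS root, and a resolver that confines every request to that root, rejecting absolute paths and ".." escapes alike:

```python
import posixpath
from typing import Optional

# Constructed example root; not a real TARGIT installation path.
VFS_ROOT = "/srv/targit/vfs"


def naive_resolve(root: str, requested: str) -> str:
    """Vulnerable pattern: join the client-supplied path straight onto the root.

    posixpath.join discards everything before an absolute component, so a
    request such as "//etc/hostname" resolves outside the VFS entirely.
    """
    return posixpath.join(root, requested)


def safe_resolve(root: str, requested: str) -> Optional[str]:
    """Hardened resolver: confine every request to the VFS root.

    1. Strip leading separators so the request can never be absolute.
    2. Normalise away "." and ".." segments.
    3. Accept only if the result is the root itself or lies beneath it.
    Returns None for anything that would escape the root.
    """
    root = posixpath.normpath(root)
    relative = requested.lstrip("/\\")
    candidate = posixpath.normpath(posixpath.join(root, relative))
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None


if __name__ == "__main__":
    # Constructed requests: one legitimate, two attempting to leave the VFS.
    for req in ("reports/q1.xml", "//etc/hostname", "../../../etc/hostname"):
        print(f"{req!r:28} naive={naive_resolve(VFS_ROOT, req)!r:34} "
              f"safe={safe_resolve(VFS_ROOT, req)!r}")
```

The same prefix check must be applied after normalisation, not before; comparing the raw request against the root is what the "//" prefix defeats.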


Exposed session tokens

Reported on the 21st of May 2024 and registered under NVD as CVE-2024-36426.

Many of the functions in TARGIT Anywhere pass the SessionID in the URL, e.g. “/anywhere/Session/GetExisting?session=f45b1c58-274c-488c-81e7-7ac948bfee7d”. This is a security threat since URLs can be stored locally in browsers, shared by accident, or sniffed while in transit, allowing other users' sessions to be hijacked.

Affected versions: The vulnerability only affects TARGIT Anywhere in build 23.02.15012 (TARGIT Decision Suite 2022 Winter Update 2) or older.

Mitigation: The vulnerability has been closed in build 23.08.31502 (TARGIT Decision Suite 2023 – August) and future builds.


Note regarding jQuery CVE-2019-11358

A few customers have pointed out the jQuery CVE-2019-11358 vulnerability in a component used by TARGIT Anywhere. 

We have reviewed this in the context of our product and do not consider it a practical risk. 

The issue requires an attacker to inject and persist a specially crafted payload through the client. TARGIT Anywhere does not allow users to enter or save the type or amount of text needed for such an exploit. In addition, most customers use authenticated users, which further limits exposure.

Even so, we take reports like this seriously and are tracking the dependency as part of our ongoing security maintenance.
