Description Preview
The License Manager service used by HASP SRM, Sentinel HASP, and Sentinel LDK products released before Sentinel LDK RTE 7.80 contains an XSS vulnerability in the Admin Control Center logs page. The input on that page is not adequately sanitized, allowing remote attackers to inject and execute arbitrary JavaScript when an administrator views the logs. This issue was publicly disclosed in 2018, and a fix is provided in Sentinel LDK RTE 7.80 and later. References to the vendor advisory SSA-566773 and related materials detail the vulnerability and its remediation.
Overview
This CVE documents a cross-site scripting vulnerability in the License Manager service used by HASP SRM, Sentinel HASP, and Sentinel LDK products. Prior to Sentinel LDK RTE 7.80, the logs page of Admin Control Center did not properly sanitize user-supplied input, enabling remote attackers to inject and execute malicious web script. The vulnerability was disclosed in 2018 and is tracked as CVE-2018-8900, with remediation available via upgrading to RTE 7.80 or newer per vendor advisories.
Remediation
- Upgrade to Sentinel LDK RTE 7.80 or later (preferred fix).
- Apply the vendor patch/advisory SSA-566773 to mitigate the issue.
- If upgrading is not feasible, implement compensating controls:
  - Restrict network access to the Admin Control Center and License Manager logs page to trusted administrators (e.g., via ACLs, VPN, or network segmentation).
  - Deploy a Web Application Firewall (WAF) or equivalent that blocks or sanitizes reflected input on the ACC logs page.
  - Disable or limit remote web access to ACC where possible; ensure least-privilege access to the management interface.
  - Enforce input validation/sanitization on any interfaces that render user-supplied data in the logs page if customization is possible.
- Review and rotate administrator credentials; enable multifactor authentication if available.
- After applying fixes, verify the remediation in a controlled test environment to ensure XSS vectors no longer execute.
Industry Exposure
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- Other Services (except Public Administration): Low
- Accommodation & Food Services: Low
- Administrative, Support, Waste Management & Remediation Services: Low
- Agriculture, Forestry Fishing & Hunting: Low
- Arts, Entertainment & Recreation: Low
- Construction: Low
- Educational Services: Low
- Finance and Insurance: Low
- Health Care & Social Assistance: Low
- Information: Low
- Management of Companies & Enterprises: Low
- Manufacturing: Low
- Mining: Low
- Professional, Scientific, & Technical Services: Low
- Public Administration: Low
- Real Estate Rental & Leasing: Low
- Retail Trade: Low
- Transportation & Warehousing: Low
- Utilities: Low
- Wholesale Trade: Low

