External risk intelligence

Sankhya ERP Caixa de Entrada Cross-Site Scripting Vulnerability

CVE advisorySeverity: CRITICAL (CVSS 9.0)

CVE-2022-42989

The vulnerability exists in an ERP system component. Enterprise Resource Planning (ERP) applications are commonly deployed as internet-facing web applications or accessed remotely by users, making their web-based components frequently reachable from the network edge.

Cross-site Scripting

Sankhya Om

before 4.11b81

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A cross-site scripting vulnerability was found in an ERP system component, allowing attackers to potentially inject malicious scripts into the application. This could impact user interactions and data integrity within the system. The main concern is confirming relevance and exposure.

  • Injecting scripts can alter user experience.
  • ERP systems often handle critical business data.
  • Confirm relevance and exposure within our systems.

Attack Path

How an attacker could exploit the issue

An attacker could target users of Sankhya ERP systems by sending them a specially crafted link. If a user clicks this link, their browser would be vulnerable to cross-site scripting, allowing the attacker to potentially compromise the user's session and access sensitive information.

  • Requires authenticated, low-privilege access.
  • Triggered via a malicious link in the inbox.
  • High risk of account takeover and data theft.

Live Threat

Current exploitation, exposure, and threat context

A cross-site scripting vulnerability in the Caixa de Entrada component could allow an attacker to inject malicious scripts into the application when supported by the advisory. This could potentially affect user sessions and data displayed within the ERP system.

  • User session data
  • Via user interaction with a crafted link
  • Unauthorized access or data modification

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability impacts Sankhya ERP, a business-critical application. Responsibility for addressing it likely falls to the ERP application owners and platform or infrastructure teams responsible for its hosting and maintenance. The immediate priority is to identify all instances of the affected Sankhya ERP system, determine their exposure and business criticality, and confirm the accountable owner before planning remediation.

  • ERP application and platform teams own remediation.
  • Verify reachability and business criticality first.
  • Plan maintenance and coordinate vendor updates.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is Sankhya ERP?

Sankhya ERP is an Enterprise Resource Planning software used by organizations to manage business processes like finance, human resources, and supply chains. It serves as a central hub for sensitive corporate data, often integrating various operational modules to streamline daily workflows and reporting.

How does this XSS vulnerability work in CVE-2022-42989?

This is a cross-site scripting (XSS) weakness classified as CWE-79. It occurs when an application fails to properly sanitize user input, allowing an attacker to inject unauthorized scripts into web pages. When viewed by other users, these malicious scripts execute within the context of their active browser session.

When does this vulnerability get triggered?

The flaw is triggered when an authenticated user interacts with a specially crafted link within the Caixa de Entrada (Inbox) component. Simply visiting the application does not inherently trigger the issue; it requires a user to click a malicious link or perform an action that processes the injected code.

Why is this CVE relevant to my infrastructure?

According to Halo Surface Signal, this vulnerability is relevant because ERP systems are frequently deployed as internet-facing web applications to support remote access. Because the component is web-based and potentially reachable from the network edge, the risk of unauthorized session access or data theft is elevated.

Do I need to update my Sankhya ERP installation?

Yes. If you are running any version of Sankhya ERP prior to 4.11b81, you are affected. Your first step is to locate all instances of the software in your environment, determine who owns the system, and coordinate with your vendor to apply the necessary updates to secure the inbox component.

References