KB Article #179511

API Portal EasyDiscuss and CVE-2018-5263

Problem

  • Stackideas EasyDiscuss, which is distributed with API Portal, is affected by CVE-2018-5263. More details are available at https://stackideas.com/blog/easydiscuss4021-update.
  • Private portions of the EasyBlog and EasyDiscuss documentation are not accessible
  • EasyBlog and EasyDiscuss language packs are not accessible


All API Portal versions are affected.


Resolution


To fix these problems, upgrade EasyBlog and EasyDiscuss using the procedure below:

  1. Download EasyBlog and EasyDiscuss upgrade packs from: https://support.axway.com/en/downloads/download-details/id/1438560
  2. Unzip APIPortal_7.5.5_Package_EasyBlogEasyDiscuss_allOS_BN1.zip into a folder
  3. Sign in to your Joomla administrator panel at https://{host}/administrator
  4. Go to Extensions > Manage > Install
  5. From the folder where you unzipped the files, drag and drop com_easyblog_full_unlimited_5.2.3_joomla.zip or com_easydiscuss_full_unlimited_4.0.22_joomla.zip into the Upload & Install Joomla Extension section
  6. Follow the installation steps
  7. If prompted to select the installation method, select “Installation via Directory”, select the package from the drop-down list, and follow the instructions in the installer
  8. Repeat steps 4 to 7 for both EasyBlog and EasyDiscuss packages


From this point on:


  • The vulnerability is fixed
  • You can access the private parts of the EasyBlog and EasyDiscuss documentation by clicking on “sign in with Axway” when prompted to log in
  • You can download language packs directly from EasyBlog and EasyDiscuss “language” sections
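
To confirm on the server that both upgrades took effect, the following added example (not part of the original article or of Axway's tooling) reads the installed version of each extension and compares it with the versions in the package file names from step 5. It assumes the manifests sit at Joomla's usual component path, administrator/components/com_<name>/<name>.xml, and that the Joomla root directory is passed as the first argument.

```python
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Versions taken from the upgrade package file names in step 5 of this article.
REQUIRED = {"easyblog": "5.2.3", "easydiscuss": "4.0.22"}

def parse_version(text):
    """Turn '4.0.22' into (4, 0, 22) so that 4.0.9 sorts below 4.0.22."""
    return tuple(int(n) for n in re.findall(r"\d+", text))

def installed_version(joomla_root, name):
    """Read <version> from the component manifest; None if missing or unreadable."""
    # Assumption: Joomla's conventional manifest location for a component.
    manifest = (Path(joomla_root) / "administrator" / "components"
                / f"com_{name}" / f"{name}.xml")
    if not manifest.is_file():
        return None
    try:
        node = ET.parse(str(manifest)).getroot().find("version")
    except ET.ParseError:
        return None
    return node.text.strip() if node is not None and node.text else None

def check(joomla_root):
    """Return {component: (installed, required, ok)} for both extensions."""
    report = {}
    for name, required in REQUIRED.items():
        found = installed_version(joomla_root, name)
        ok = found is not None and parse_version(found) >= parse_version(required)
        report[name] = (found, required, ok)
    return report

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    results = check(root)
    for name, (found, required, ok) in results.items():
        status = "OK" if ok else "UPGRADE NEEDED"
        print(f"{name}: installed={found or 'not found'} required>={required} {status}")
    # Non-zero exit lets a patch-compliance job flag hosts that still need the upgrade.
    sys.exit(0 if all(ok for _, _, ok in results.values()) else 1)
```

A missing or unparsable manifest is reported as "UPGRADE NEEDED" rather than skipped, so a host where the extension path differs is flagged for manual review instead of passing silently.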