PT-2015-3707 · Mathias Kettner · Checkmk
Publicado
2015-08-31
·
Atualizado
2015-09-01
·
CVE-2014-2332
CVSS v2.0
5.5
Média
| Vetor | AV:N/AC:L/Au:S/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Check MK versions prior to 1.2.2p3
Check MK versions 1.2.3x prior to 1.2.3i5
Description
The issue allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." This can be exploited by remote attackers.
Recommendations
For versions prior to 1.2.2p3, update to version 1.2.2p3 or later.
For versions 1.2.3x prior to 1.2.3i5, update to version 1.2.3i5 or later.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Checkmk