PT-2018-15253 · Ptc · Ptc Thingworx Platform

Publicado

2018-12-17

Atualizado

2019-07-02

CVE-2018-20092

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions PTC ThingWorx Platform versions prior to 8.3.1

Description The issue allows for a directory traversal attack on ZIP files via a POST request. This can potentially lead to unauthorized access to sensitive files and directories.

Recommendations For PTC ThingWorx Platform versions prior to 8.3.1, update to version 8.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to ZIP file handling functionality until a patch is available.

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2018-20092

Produtos afetados

Ptc Thingworx Platform

PT-2018-15253 · Ptc · Ptc Thingworx Platform

CVE-2018-20092

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6