PT-2018-17128 · Open Xchange · Open-Xchange Appsuite
Pnig0S
+1
·
Publicado
2018-06-15
·
Atualizado
2018-08-03
·
CVE-2018-5755
CVSS v2.0
7.1
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Open-Xchange OX App Suite versions prior to 7.6.3-rev3
Open-Xchange OX App Suite versions 7.8.x prior to 7.8.2-rev4
Open-Xchange OX App Suite versions 7.8.3 prior to 7.8.3-rev5
Open-Xchange OX App Suite versions 7.8.4 prior to 7.8.4-rev4
Description:
The issue allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet, due to an absolute path traversal vulnerability in the readerengine component.
Recommendations:
For versions prior to 7.6.3-rev3, update to version 7.6.3-rev3 or later.
For versions 7.8.x prior to 7.8.2-rev4, update to version 7.8.2-rev4 or later.
For versions 7.8.3 prior to 7.8.3-rev5, update to version 7.8.3-rev5 or later.
For versions 7.8.4 prior to 7.8.4-rev4, update to version 7.8.4-rev4 or later.
Exploit
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Open-Xchange Appsuite