PT-2018-18205 · Micro Focus+1 · Micro Focus Solutions Business Manager+1

Publicado

2018-06-21

Atualizado

2021-04-09

CVE-2018-7679

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Micro Focus Solutions Business Manager versions prior to 11.4

Description The issue arises when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, which could lead to remote code execution.

Recommendations For versions prior to 11.4, ensure that ASP.NET is configured to validate the contents of user avatar images and remove execute permission on the virtual directories to prevent remote code execution.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2018-7679

Produtos afetados

Asp.Net

Micro Focus Solutions Business Manager

PT-2018-18205 · Micro Focus+1 · Micro Focus Solutions Business Manager+1

CVE-2018-7679

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3