PT-2018-9235 · Nasa · Rtretrievalframework
Nitin Arya
·
Publicado
2018-02-09
·
Atualizado
2018-03-01
·
CVE-2018-1000048
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
NASA RtRetrievalFramework version v1.0
Description:
The issue concerns a remote code execution flaw in the Data retrieval functionality of the RtRetrieval framework. This can be exploited when a victim attempts to retrieve and process a weather data file.
Recommendations:
For NASA RtRetrievalFramework version v1.0, consider disabling the Data retrieval functionality until a patch is available to prevent potential remote code execution. Restrict access to the weather data file processing feature to minimize the risk of exploitation.
Correção
Deserialization of Untrusted Data
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Rtretrievalframework