PT-2018-9753 · Flexpaper+1 · Flexpaperviewer+1

Anthony Maia

Publicado

2018-04-25

Atualizado

2025-05-30

CVE-2018-10207

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Vaultize Enterprise File Sharing version 17.05.31

Description: An issue was discovered where an attacker can exploit missing authorization on the FlexPaperViewer SWF reader. This allows the attacker to export files that should have been restricted, via vectors involving page-by-page access to a document in SWF format.

Recommendations: For Vaultize Enterprise File Sharing version 17.05.31, consider restricting access to the FlexPaperViewer SWF reader until a patch is available. As a temporary workaround, limit page-by-page access to documents in SWF format to minimize the risk of exploitation.

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862

Identificadores relacionados

CVE-2018-10207

Produtos afetados

Flexpaperviewer

Vaultize Enterprise File Sharing

PT-2018-9753 · Flexpaper+1 · Flexpaperviewer+1

CVE-2018-10207

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5