PT-2019-10022 · Deltek · Deltek Ajera Timesheets

Anthony Cole

Publicado

2019-03-17

Atualizado

2019-03-22

CVE-2018-20221

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Deltek Ajera Timesheets versions 9.10.16 and prior

Description: The issue allows for remote code execution via deserialization of untrusted user input from an authenticated user. The executed code will run as the IIS Application Pool that is running the application.

Recommendations: For Deltek Ajera Timesheets versions 9.10.16 and prior, update to a version later than 9.10.16 to resolve the issue.

Exploit

Correção

Deserialization of Untrusted Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-502

Identificadores relacionados

CVE-2018-20221

Produtos afetados

Deltek Ajera Timesheets

PT-2019-10022 · Deltek · Deltek Ajera Timesheets

CVE-2018-20221

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4