PT-2019-12222 · Pivotal · Pivotal Application Manager

Published: 2019-10-01 · Updated: 2020-10-16 · CVE-2019-11275

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Pivotal Application Manager versions 666.0.x prior to 666.0.36
Pivotal Application Manager versions 667.0.x prior to 667.0.22
Pivotal Application Manager versions 668.0.x prior to 668.0.21
Pivotal Application Manager versions 669.0.x prior to 669.0.13
Pivotal Application Manager versions 670.0.x prior to 670.0.7
Description

The issue allows a remote authenticated user to create an app with a name that a CSV-handling program (such as a spreadsheet application opening an exported report) can interpret as a formula, potentially leading to execution. This could enable the malicious user to access a usage report that requires higher privileges.
Recommendations

For versions 666.0.x prior to 666.0.36, update to version 666.0.36 or later.
For versions 667.0.x prior to 667.0.22, update to version 667.0.22 or later.
For versions 668.0.x prior to 668.0.21, update to version 668.0.21 or later.
For versions 669.0.x prior to 669.0.13, update to version 669.0.13 or later.
For versions 670.0.x prior to 670.0.7, update to version 670.0.7 or later.
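The description above is a CSV (formula) injection: a user-controlled app name lands in an exported usage report, and a spreadsheet evaluates any cell that begins with a formula trigger. The following is an added example of the defensive export-side check, not the vendor's fix or code from the product; the report columns and sample rows are constructed for illustration.

```python
import csv
import io

# Characters that make common spreadsheet programs treat a CSV cell as a formula
# (OWASP "CSV Injection" guidance). Tab and carriage return are included because
# some spreadsheet importers strip leading whitespace before checking for '='.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_csv_field(value: str) -> str:
    """Return a value that is safe to write into a CSV cell.

    If the cell would start with a formula trigger, prefix it with a single
    quote so spreadsheets display it as text. Embedded delimiters and quotes
    are handled by the csv module's quoting; this only defuses the leading
    character.
    """
    if value and value[0] in FORMULA_TRIGGERS:
        return "'" + value
    return value


def build_usage_report(app_rows):
    """Write a CSV usage report with every user-controlled cell neutralized.

    app_rows: iterable of (app_name, instances, memory_mb). Constructed column
    set for this example; the real report format is not described on the page.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(["app_name", "instances", "memory_mb"])
    for name, instances, memory_mb in app_rows:
        writer.writerow([neutralize_csv_field(name), instances, memory_mb])
    return buf.getvalue()


def is_formula_cell(cell: str) -> bool:
    """Defensive check for reviewing an existing export: does the cell start
    with a character a spreadsheet would evaluate?"""
    return bool(cell) and cell[0] in FORMULA_TRIGGERS


if __name__ == "__main__":
    # Constructed sample: one ordinary app, one whose name begins with '='.
    sample = [("billing-api", 2, 512), ("=1+1", 1, 256)]
    print(build_usage_report(sample))
```

Neutralizing at export time protects every consumer of the report; validating app names at creation time is a complementary control, since trigger characters can be legitimate in other contexts.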

Fix

Special Elements Injection

RCE


Weakness Enumeration

Related identifiers

CVE-2019-11275

Affected products

Pivotal Application Manager