PT-2017-6488 · Cybele · Thinfinity Remote Desktop Workstation

Published

2017-10-06

Updated

2020-08-19

CVE-2015-1429

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cybele Software Thinfinity Remote Desktop Workstation version 3.0.0.3

Description A directory traversal issue allows remote attackers to download arbitrary files by utilizing a .. (dot dot) in an unspecified parameter. This could potentially lead to unauthorized access to sensitive information.

Recommendations For Cybele Software Thinfinity Remote Desktop Workstation version 3.0.0.3, consider restricting access to sensitive files and directories as a temporary workaround until a patch is available. Avoid using the vulnerable parameter in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2015-1429

Affected Products

Thinfinity Remote Desktop Workstation

PT-2017-6488 · Cybele · Thinfinity Remote Desktop Workstation

CVE-2015-1429

Weakness Enumeration

Related Identifiers

Affected Products

References · 3