PT-2018-13060 · Lone Wolf Technologies · Loadingdocs

Published

2018-09-12

Updated

2019-10-03

CVE-2018-15502

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Lone Wolf Technologies loadingDOCS version 2018-08-13

Description The issue allows remote attackers to download confidential files via https requests for predictable URLs due to insecure permissions.

Recommendations For version 2018-08-13, update the permissions to restrict access to confidential files and ensure that URLs are not predictable to prevent unauthorized downloads.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2018-15502

Affected Products

Loadingdocs

PT-2018-13060 · Lone Wolf Technologies · Loadingdocs

CVE-2018-15502

Weakness Enumeration

Related Identifiers

Affected Products

References · 3