PT-2018-15253 · Ptc · Ptc Thingworx Platform

Published

2018-12-17

Updated

2019-07-02

CVE-2018-20092

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions PTC ThingWorx Platform versions prior to 8.3.1

Description The issue allows for a directory traversal attack on ZIP files via a POST request. This can potentially lead to unauthorized access to sensitive files and directories.

Recommendations For PTC ThingWorx Platform versions prior to 8.3.1, update to version 8.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to ZIP file handling functionality until a patch is available.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2018-20092

Affected Products

Ptc Thingworx Platform

PT-2018-15253 · Ptc · Ptc Thingworx Platform

CVE-2018-20092

Weakness Enumeration

Related Identifiers

Affected Products

References · 6