PT-2018-18205 · Micro Focus+1 · Micro Focus Solutions Business Manager+1
Published: 2018-06-21 · Updated: 2021-04-09 · CVE-2018-7679
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Micro Focus Solutions Business Manager versions prior to 11.4
Description
The issue arises when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, which could lead to remote code execution.
Recommendations
For versions prior to 11.4, ensure that ASP.NET is configured to validate the contents of user avatar images and remove execute permission on the virtual directories to prevent remote code execution.
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Asp.Net
Micro Focus Solutions Business Manager