PT-2018-18286 · Schneider Electric · Data Center Operation

Published

2018-11-30

Updated

2018-12-28

CVE-2018-7806

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Data Center Operation (affected versions not specified)

Description: The issue allows for the arbitrary upload of files onto the server file system outside of the intended directory by exploiting the ZipSlip vulnerability within Java code. This can occur when a carefully crafted, malicious zip file is uploaded by an authenticated user, potentially containing path traversal file names.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2018-7806

Affected Products

Data Center Operation

PT-2018-18286 · Schneider Electric · Data Center Operation

CVE-2018-7806

Weakness Enumeration

Related Identifiers

Affected Products

References · 2