PT-2018-9753 · Flexpaper+1 · Flexpaperviewer+1
Anthony Maia
+1
·
Published
2018-04-25
·
Updated
2025-05-30
·
CVE-2018-10207
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Vaultize Enterprise File Sharing version 17.05.31
Description:
An issue was discovered where an attacker can exploit missing authorization on the FlexPaperViewer SWF reader. This allows the attacker to export files that should have been restricted, via vectors involving page-by-page access to a document in SWF format.
Recommendations:
For Vaultize Enterprise File Sharing version 17.05.31, consider restricting access to the FlexPaperViewer SWF reader until a patch is available. As a temporary workaround, limit page-by-page access to documents in SWF format to minimize the risk of exploitation.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Flexpaperviewer
Vaultize Enterprise File Sharing