PT-2019-10022 · Deltek · Deltek Ajera Timesheets

Anthony Cole

Published

2019-03-17

Updated

2019-03-22

CVE-2018-20221

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Deltek Ajera Timesheets versions 9.10.16 and prior

Description: The issue allows for remote code execution via deserialization of untrusted user input from an authenticated user. The executed code will run as the IIS Application Pool that is running the application.

Recommendations: For Deltek Ajera Timesheets versions 9.10.16 and prior, update to a version later than 9.10.16 to resolve the issue.

Exploit

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2018-20221

Affected Products

Deltek Ajera Timesheets

PT-2019-10022 · Deltek · Deltek Ajera Timesheets

CVE-2018-20221

Weakness Enumeration

Related Identifiers

Affected Products

References · 4