PT-2019-9234 · Cybozu · Cybozu Remote Service

Published

2019-01-09

Updated

2019-01-14

CVE-2018-16169

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cybozu Remote Service versions 3.0.0 through 3.1.0

Description The issue allows remote authenticated attackers to upload and execute Java code files on the server.

Recommendations For Cybozu Remote Service versions 3.0.0 through 3.1.0, at the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2018-16169

Affected Products

Cybozu Remote Service

PT-2019-9234 · Cybozu · Cybozu Remote Service

CVE-2018-16169

Weakness Enumeration

Related Identifiers

Affected Products

References · 4