PT-2020-19572 · Rapid7 · Appspider

Published

2020-09-18

·

Updated

2020-09-28

·

CVE-2020-7358

CVSS v3.1

6.5

Medium

Vector

AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

AppSpider versions prior to 7.2.126

Description

The issue arises when the AppSpider installer calls an executable that can be replaced by an attacker with access to the local machine, potentially allowing the execution of arbitrary code. This is due to the installer's inability to distinguish between a valid executable and any other executable with the same file name.

Recommendations

For versions prior to 7.2.126, update to version 7.2.126 or later to resolve the issue. As a temporary workaround, consider restricting access to the directory where the executable is located to prevent an attacker from replacing the valid executable with malicious code.
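The workaround above depends on the executable's directory not being writable by low-privilege users. The following PowerShell function is an added example (not from this advisory and not Rapid7's code) that audits such a directory: it flags ACL entries granting write or delete rights to broad principals and reports the Authenticode status of every executable found there. The directory path is an assumption and must be replaced with the real installer location.

```powershell
# Added example: audit a directory an installer loads executables from.
# Flags ACL entries that let low-privilege principals replace or add files
# (what the workaround is meant to remove) and reports each executable's
# Authenticode status, since a planted binary is usually unsigned.
function Test-InstallerDirectory {
    param([Parameter(Mandatory)][string]$Path)

    # Principals that should never be able to plant files in an install path.
    $lowPrivilege = @(
        'Everyone',
        'BUILTIN\Users',
        'NT AUTHORITY\Authenticated Users',
        'NT AUTHORITY\INTERACTIVE'
    )

    # Any of these rights is enough to swap out or add an executable.
    $writeRights = [System.Security.AccessControl.FileSystemRights]::Write -bor
                   [System.Security.AccessControl.FileSystemRights]::Modify -bor
                   [System.Security.AccessControl.FileSystemRights]::Delete -bor
                   [System.Security.AccessControl.FileSystemRights]::FullControl

    $acl = Get-Acl -Path $Path
    $weakEntries = foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $lowPrivilege -contains $ace.IdentityReference.Value -and
            (($ace.FileSystemRights -band $writeRights) -ne 0)) {
            [pscustomobject]@{
                Identity = $ace.IdentityReference.Value
                Rights   = $ace.FileSystemRights
            }
        }
    }

    # Signature status of every .exe in the directory (NotSigned or
    # HashMismatch on a file that should be vendor-signed warrants a look).
    $signatures = Get-ChildItem -Path $Path -Filter *.exe -File |
        ForEach-Object { Get-AuthenticodeSignature -FilePath $_.FullName } |
        Select-Object @{n = 'File'; e = { $_.Path }}, Status,
                      @{n = 'Signer'; e = { $_.SignerCertificate.Subject }}

    [pscustomobject]@{
        Path              = $Path
        WritableByLowPriv = (@($weakEntries).Count -gt 0)
        WeakEntries       = $weakEntries
        Executables       = $signatures
    }
}

# Usage (placeholder path; substitute the actual installer directory):
# Test-InstallerDirectory -Path 'C:\Path\To\AppSpider\Installer' | Format-List
```

If WritableByLowPriv comes back true, the workaround can be applied with icacls, for example by removing inherited ACEs and granting full control only to Administrators and SYSTEM, before re-running the audit.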

Weakness Enumeration

Uncontrolled Search Path Element

Related Identifiers

CVE-2020-7358

Affected Products

Appspider