PT-2021-22037 · Unknown · Integria Ims
Nag0Mez
·
Published
2021-10-07
·
Updated
2021-10-15
·
CVE-2021-3832
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Integria IMS version 5.0.92
Description:
The issue allows for a Remote Code Execution attack through file uploading. An unauthenticated attacker could exploit this by abusing the
AsyncUpload() function.Recommendations:
For Integria IMS version 5.0.92, consider disabling the
AsyncUpload() function as a temporary workaround until a patch is available. Restrict access to file uploading features to minimize the risk of exploitation.Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Integria Ims