PT-2022-23241 · Unknown · Mapgis 10.5 Pro Igserver
Published: 2022-08-19 · Updated: 2022-08-23 · CVE-2022-36170
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
MapGIS 10.5 Pro IGServer version 10.5
Description
The issue is related to hardcoded credentials in the front-end of the software, which can lead to escalation of privileges and arbitrary file deletion.
Recommendations
For MapGIS 10.5 Pro IGServer version 10.5, consider removing or modifying the hardcoded credentials in the front-end to prevent exploitation. As a temporary workaround, restrict access to sensitive areas of the software to minimize the risk of privilege escalation and file deletion.
Exploit
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Mapgis 10.5 Pro Igserver