CVE-2018-25068

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions devent globalpom-utils versions up to 4.5.0

Description A critical vulnerability has been found in devent globalpom-utils, affecting the createTmpDir function of the FileResourceManagerProvider.java file. This vulnerability leads to insecure temporary file creation and can be initiated remotely.

Recommendations For devent globalpom-utils versions up to 4.5.0, upgrade to version 4.5.1 to address this issue. As a temporary workaround, consider restricting access to the createTmpDir function until the patch is applied.

Fix

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-377CWE-668

Related Identifiers

CVE-2018-25068

GHSA-JJVP-WFP8-RV69

Affected Products

Devent Globalpom-Utils

CVE-2018-25068

Weakness Enumeration

Related Identifiers

Affected Products

References · 11