7.8
CVE-2018-7529
- EPSS 2.13%
- Veröffentlicht 14.03.2018 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:12:18
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginA Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may modify deserialized data to send custom requests that crash the server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Osisoft ≫ Pi Data Archive Version <= 2017
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.13% | 0.796 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
http://www.securityfocus.com/bid/103399
https://ics-cert.us-cert.gov/advisories/ICSA-18-072-02