9.8

CVE-2019-18643

EPSS 1.3%
Veröffentlicht 07.01.2021 21:15:12
Zuletzt bearbeitet 21.11.2024 04:33:26
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Rock RMS versions before 8.10 and versions 9.0 through 9.3 fails to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypassed by adding multiple spaces and periods after the file name. This could allow an attacker to upload ASPX code and gain remote code execution on the application. The application typically runs as LocalSystem as mandated in the installation guide. Patched in versions 8.10 and 9.4.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sparkdevnetwork ≫ Rock Rms Version < 8.10

Sparkdevnetwork ≫ Rock Rms Version >= 9.0 < 9.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.3%	0.791

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

http://packetstormsecurity.com/files/160766/Rock-RMS-File-Upload-Account-Takeover-Information-Disclosure.html

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2019-18643

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-18643

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-18643

EUVD