9.8
CVE-2020-26867
- EPSS 3.57%
- Veröffentlicht 12.10.2020 14:15:12
- Zuletzt bearbeitet 21.11.2024 05:20:23
- Quelle vulnerability@kaspersky.com
- CVE-Watchlists
- Unerledigt
LoginARC Informatique PcVue Deserialization of Untrusted Data
ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Pcvuesolutions ≫ Pcvue Version >= 8.10 < 12.0.17
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.57% | 0.879 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| vulnerability@kaspersky.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2020/10/09/klcert-20-015-remote-code-execution-in-arc-informatique-pcvue/
https://us-cert.cisa.gov/ics/advisories/icsa-20-308-03
https://www.pcvuesolutions.com/security
https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1076-security-bulletin-2020-1