Описание
Vignette StoryServer 5 and Vignette V/6 allows remote attackers to execute arbitrary TCL code via (1) an HTTP query or cookie which is processed in the NEEDS command, or (2) an HTTP Referrer that is processed in the VALID_PATHS command.
Ссылки
- Vendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:vignette:content_suite:5.0:*:*:*:*:*:*:*
cpe:2.3:a:vignette:content_suite:6.0:*:*:*:*:*:*:*
cpe:2.3:a:vignette:content_suite:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vignette:content_suite:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vignette:content_suite:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:vignette:storyserver:5.0:*:*:*:*:*:*:*
cpe:2.3:a:vignette:vignette:5.0:*:*:*:*:*:*:*
EPSS
Процентиль: 75%
0.00886
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Vignette StoryServer 5 and Vignette V/6 allows remote attackers to execute arbitrary TCL code via (1) an HTTP query or cookie which is processed in the NEEDS command, or (2) an HTTP Referrer that is processed in the VALID_PATHS command.
EPSS
Процентиль: 75%
0.00886
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other