CVE-2014-2025

Опубликовано: 31 янв. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Unrestricted file upload vulnerability in an unspecified third party tool in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unknown vectors.

Ссылки

http://www.christian-schneider.net/advisories/CVE-2014-2025.txt
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/99568
Third Party Advisory
VDB Entry
https://help.unitedplanet.com/?rq_AppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_TargetPageGuid=2EBBF802B1970FE31EFC8A34108DF3F47E7A8EEC&rq_RecId=31&rq_SourceAppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_SourcePageGuid=7A91F4B76FFC41A18F4EA4ACE26F31E033C5B018&rq_SourceRecId=31
Third Party Advisory
http://www.christian-schneider.net/advisories/CVE-2014-2025.txt
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/99568
Third Party Advisory
VDB Entry
https://help.unitedplanet.com/?rq_AppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_TargetPageGuid=2EBBF802B1970FE31EFC8A34108DF3F47E7A8EEC&rq_RecId=31&rq_SourceAppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_SourcePageGuid=7A91F4B76FFC41A18F4EA4ACE26F31E033C5B018&rq_SourceRecId=31
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:unitedplanet:intrexx:5.2:*:*:*:professional:*:*:*

cpe:2.3:a:unitedplanet:intrexx:6.0:*:*:*:professional:*:*:*

EPSS

Процентиль: 92%

0.09013

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-4rc2-384v-9w8v

github

больше 3 лет назад