exploitDog

CVE-2018-10207

Опубликовано: 25 апр. 2018

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. An attacker can exploit Missing Authorization on the FlexPaperViewer SWF reader, and export files that should have been restricted, via vectors involving page-by-page access to a document in SWF format.

Ссылки

https://cds.thalesgroup.com/en/tcs-cert/CVE-2018-10207
https://www.excellium-services.com/cert-xlm-advisory/cve-2018-10207/
Third Party Advisory
https://www.excellium-services.com/cert-xlm-advisory/cve-2018-10207/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vaultize:enterprise_file_sharing:17.05.31:*:*:*:*:*:*:*

EPSS

Процентиль: 43%

0.00206

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-862

Связанные уязвимости

GHSA-82m6-xpgw-xcxg

CVSS3: 5.3

github

больше 3 лет назад

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. An attacker can exploit Missing Authorization on the FlexPaperViewer SWF reader, and export files that should have been restricted, via vectors involving page-by-page access to a document in SWF format.

EPSS

Процентиль: 43%

0.00206

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-862