CVE-2018-18777

Опубликовано: 01 нояб. 2018

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Средний

Описание

Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.

Ссылки

http://packetstormsecurity.com/files/150059/Microstrategy-Web-7-Cross-Site-Scripting-Traversal.html
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/45755/
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/150059/Microstrategy-Web-7-Cross-Site-Scripting-Traversal.html
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/45755/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microstrategy:microstrategy_web:7:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.69525

Средний

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-mw88-gp22-3p9g