CVE-2018-19234

Опубликовано: 20 дек. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Низкий

Описание

The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows remote attackers to execute arbitrary code with SYSTEM privileges via vectors related to missing update validation.

Ссылки

http://packetstormsecurity.com/files/150427/Miss-Marple-Enterprise-Edition-File-Upload-Hardcoded-AES-Key.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2018/Nov/55
Mailing List
Third Party Advisory
https://seclists.org/bugtraq/2018/Nov/37
Mailing List
Third Party Advisory
https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-miss-marple-enterprise-edition/
Third Party Advisory
http://packetstormsecurity.com/files/150427/Miss-Marple-Enterprise-Edition-File-Upload-Hardcoded-AES-Key.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2018/Nov/55
Mailing List
Third Party Advisory
https://seclists.org/bugtraq/2018/Nov/37
Mailing List
Third Party Advisory
https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-miss-marple-enterprise-edition/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:comparex:miss_marple:*:*:*:*:enterprise:*:*:*

Версия до 2.0 (исключая)

EPSS

Процентиль: 90%

0.05409

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-494

Связанные уязвимости

GHSA-g3m7-g22h-m88g