Описание
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server.
Ссылки
- Vendor Advisory
- Third Party AdvisoryUS Government Resource
- US Government Resource
Уязвимые конфигурации
Одно из
EPSS
8.8 High
CVSS3
Дефекты
Связанные уязвимости
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server.
Уязвимость программного обеспечения для управления активами и рабочими процессами Cityworks и Cityworks with Office Companion, связанная с недостатками механизма десериализации, позволяющая нарушителю выполнить удаленный код
EPSS
8.8 High
CVSS3