CVE-2018-5204

Published: Dec 28, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

ML Report version Between 2.00.000.0000 and 2.18.628.5980 contains a vulnerability that could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. this can be leveraged for code execution.

Affected (1)

Products: Infraware Global: Ml Report

Infraware Global

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Infraware Global Ml Report	From 2.00.000.0000 to 2.18.628.5980

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30123

Source: vuln@krcert.or.kr

Third Party Advisory

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30123

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.