CVE-2020-29441

Published: Nov 30, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Exploitability: 3.9 / Impact: 2.5

Source: NVD

Description

An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legitimate data if files are being processed asynchronously, or deny access to legitimate uploaded files.

Affected (1)

Products: Outsystems: Outsystems

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Outsystems Outsystems	From 10 to 10.0.1019.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://success.outsystems.com/Support/Security/Vulnerabilities/Vulnerability_RPD-4310

Source: cve@mitre.org

Vendor Advisory

https://success.outsystems.com/Support/Security/Vulnerabilities/Vulnerability_RPD-4310

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.