Lucene search

MitreCVE-2018-17055

HistorySep 28, 2018 - 12:29 a.m.

CVE-2018-17055

2018-09-2800:29:02

CWE-434

mitre

web.nvd.nist.gov

cve-2018-17055

arbitrary file upload

progress sitefinity cms

image uploads

vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

61.6%

JSON

An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads.

Affected configurations

Nvd

Node

progresssitefinityRange4.0–11.0

VendorProductVersionCPE
progresssitefinity*cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
progress	sitefinity	*	cpe:2.3:a:progress:sitefinity::::::::

References

insinuator.net/2018/10/vulnerabilities-in-sitefinity-wcms-a-success-story-of-a-responsible-disclosure-process/

knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-September-2018

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

61.6%

JSON

Related for CVE-2018-17055