Lucene search
IcscertCVELIST:CVE-2020-14488HistoryJul 29, 2020 - 1:15 p.m.
CVE-2020-14488 OpenClinic GA
2020-07-2913:15:21
CWE-434
icscert
www.cve.org
7
openclinic ga
vulnerability
file upload
system execution
low-privilege user
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.9
Confidence
High
EPSS
0.001
Percentile
42.8%
OpenClinic GA 5.09.02 and 5.89.05b does not properly verify uploaded files, which may allow a low-privilege user to upload and execute arbitrary files on the system.
CNA Affected
[
{
"product": "OpenClinic GA",
"vendor": "open source",
"versions": [
{
"status": "affected",
"version": "5.09.02"
},
{
"status": "affected",
"version": "5.89.05b"
}
]
}
]Related
cve
cve
CVE-2020-14488
2020-07-29 14:15:12
nvd
nvd
CVE-2020-14488
2020-07-29 14:15:12
prion
prion
Design/Logic Flaw
2020-07-29 14:15:00
ics
ics
OpenClinic GA (Update B)
2021-06-15 12:00:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.9
Confidence
High
EPSS
0.001
Percentile
42.8%
Related for CVELIST:CVE-2020-14488