External Control of File Name or Path Vulnerability in Advantech WebAccess
CVE-2018-14820

7.5HIGH

Key Information:

Vendor
Advantech
Vendor
CVE Published:
23 October 2018

Summary

Advantech WebAccess versions 8.3.1 and earlier are vulnerable due to a DLL component that allows external manipulation of file names or paths. This vulnerability could enable attackers to perform arbitrary file deletion actions during processing, posing significant risks to data integrity and application functionality.

Affected Version(s)

Advantech WebAccess WebAccess Versions 8.3.1 and prior

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.