Arbitrary File Read Vulnerability in Saperion Web Client by Data Management Solutions
CVE-2018-6293

7.5HIGH

Key Information:

Vendor: Kofax
Status: SAPerion Web Client
Vendor: CVE Published:; 12 February 2018

Summary

An arbitrary file read vulnerability exists in the Saperion Web Client, allowing unauthorized users to access sensitive files on the server. This issue affects version 7.5.2 83166 and can potentially lead to the disclosure of confidential data, posing serious threats to data integrity and confidentiality. Proper remediation is essential to mitigate security risks associated with this vulnerability.

Affected Version(s)

Saperion Web Client 7.5.2 83166

References

https://ics-cert.kaspersky.com/alerts/2018/02/12/multiple...

x_refsource_MISC

https://ics-cert.kaspersky.com/advisories/klcert-advisori...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 12, 2018
Vulnerability Reserved
Jan 25, 2018