Arbitrary File Upload Vulnerability in OutSystems Platform
CVE-2020-29441

7.2HIGH

Key Information:

Vendor: Outsystems
Status: Outsystems
Vendor: CVE Published:; 30 November 2020

What is CVE-2020-29441?

A critical flaw was identified in the Upload Widget of OutSystems Platform 10 prior to version 10.0.1019.0, where an unauthenticated attacker is able to upload malicious files. This vulnerability can lead to potentially severe consequences such as denial of service due to database space exhaustion, corruption of valid data during asynchronous file processing, and restricted access to legitimate uploaded files. It is essential for users of affected versions to implement necessary security updates to mitigate these risks.

References

https://success.outsystems.com/Support/Security/Vulnerabi...

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 30, 2020
Vulnerability Reserved
Nov 30, 2020

CVE-2020-29441 Data

JSON

Outsystems

What is CVE-2020-29441?

References

CVSS V3.1

Timeline