Openbravo ERP up to 3.0PR19Q1.2 getAttachmentDirectoryForNewAttachment inpKey directory traversal

A vulnerability was found in Openbravo ERP up to 3.0PR19Q1.2 (Enterprise Resource Planning Software). It has been rated as critical. Affected by this issue is the function getAttachmentDirectoryForNewAttachment. The manipulation of the argument inpKey with an unknown input leads to a directory traversal vulnerability. Using CWE to declare the problem leads to CWE-22. Impacted is confidentiality, integrity, and availability.

The weakness was released 07/28/2019. This vulnerability is handled as CVE-2019-14362 since 07/28/2019. The attack may be launched remotely. The successful exploitation needs a single authentication. There are known technical details, but no exploit is available.

Upgrading to version 3.0PR19Q1.3 eliminates this vulnerability.

Type

• Enterprise Resource Planning Software

Name

• Openbravo ERP

• 🔒
• 🔒
• 🔒

• 🔒
• 🔒
• 🔒

VulDB Meta Base Score: 6.3
VulDB Meta Temp Score: 6.0

VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: 🔒
VulDB Reliability: 🔍

VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Class: Directory traversal (CWE-22)
Local: No
Remote: Yes

Availability: 🔒
Status: Not defined

Price Prediction: 🔍
Current Price Estimation: 🔒

Threat Intelligenceinfoedit

Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Remediation: 🔍Recommended: Upgrade
Status: 🔍

0-Day Time: 🔒

Upgrade: Openbravo ERP 3.0PR19Q1.3

07/28/2019 Advisory disclosed
07/28/2019 +0 days CVE assigned
07/29/2019 +1 days VulDB entry created
07/29/2019 +0 days VulDB last update
CVE: CVE-2019-14362 (🔒)Created: 07/29/2019 03:48 PM
Complete: 🔍

Comments

Comments are closed.