Vulnerability CVE-2018-10207

Vulnerability CVE-2018-10207

Published: 2018-04-25

Description:

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. An attacker can exploit Missing Authorization on the FlexPaperViewer SWF reader, and export files that should have been restricted, via vectors involving page-by-page access to a document in SWF format.

Type:

CWE-862

(Missing Authorization)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5/10	2.9/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	None	None

Affected software
Vaultize -> Enterprise file sharing

References:

https://www.excellium-services.com/cert-xlm-advisory/cve-2018-10207/

Copyright 2024, cxsecurity.com