| |
Vulnerability CVE-2020-29441
Published: 2020-11-30
| Description: |
An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legitimate data if files are being processed asynchronously, or deny access to legitimate uploaded files. |
Type:
CWE-434 (Unrestricted Upload of File with Dangerous Type)
CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
6.4/10 |
4.9/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
None |
Partial |
Partial |
References: |
https://success.outsystems.com/Support/Security/Vulnerabilities/Vulnerability_RPD-4310
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
