CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-12815

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0170%
EPSS Percentile27.05th
Published2018年3月26日
Last Modified2024年11月21日

Vulnerability Description

Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar Remote Support Portal deployment at https://domain/api/content/JavaStart.jar and is callable from an arbitrary website using <object> and/or <appletHTML> tags. Successful exploitation results in file creation/modification/deletion in the operating system and with privileges of the user that ran the Java applet.

Affected Platforms (CPE)

📦
Bomgar

Remote Support

All versions

References & Advisories

🔗 http://www.securityfocus.com/archive/1/541885/100/0/threaded
🔗 http://www.securityfocus.com/archive/1/541885/100/0/threaded

関連する脆弱性情報

CVE-2021-4383210.0

Spinnaker is an open source, multi-cloud continuous delivery platform. Spinnaker has improper permissions allowing pipeline creati...

CVE-2002-123510.0

The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1....

CVE-2021-2124210.0

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-a...

CVE-2002-244610.0

GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed with...