CVE-2018-19234

CVE-2018-19234

EPSS 3.3%

The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows remote attackers to execute arbitrary code with SYSTEM privileges via vectors related to missing update validation.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://packetstormsecurity.com/files/150427/Miss-Marple-Enterprise-Edition-File-Upload-Hardcoded-AES-Key.html http://seclists.org/fulldisclosure/2018/Nov/55 https://seclists.org/bugtraq/2018/Nov/37 https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-miss-marple-enterprise-edition/