CVE-2019-17327 - Vulnerability Details - OpenCVE

JEUS 7 Fix#0~5 and JEUS 8Fix#0~1 versions contains a directory traversal vulnerability caused by improper input parameter check when uploading installation file in administration web page. That leads remote attacker to execute arbitrary code via uploaded file.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tmaxsoft	Jeus

Configuration 1 [-]

OR	cpe:2.3:a:tmaxsoft:jeus:7:fix_0::::::
	cpe:2.3:a:tmaxsoft:jeus:7:fix_5::::::
	cpe:2.3:a:tmaxsoft:jeus:8:fix_0::::::
	cpe:2.3:a:tmaxsoft:jeus:8:fix_1::::::

No data.

References

Link	Providers
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35197

History

No history.

MITRE

Status: PUBLISHED

Assigner: krcert

Published: 2019-11-08T17:54:05

Updated: 2024-08-05T01:40:14.453Z

Reserved: 2019-10-07T00:00:00

Link: CVE-2019-17327

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-11-08T18:15:13.467

Modified: 2024-11-21T04:32:05.920

Link: CVE-2019-17327

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "JEUS", "vendor": "TmaxSoft", "versions": [{"status": "affected", "version": "JEUS 7 Fix#0~5, JEUS 8Fix#0~1"}]}], "descriptions": [{"lang": "en", "value": "JEUS 7 Fix#0~5 and JEUS 8Fix#0~1 versions contains a directory traversal vulnerability caused by improper input parameter check when uploading installation file in administration web page. That leads remote attacker to execute arbitrary code via uploaded file."}], "problemTypes": [{"descriptions": [{"description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-08T17:54:05", "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "shortName": "krcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35197"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vuln@krcert.or.kr", "ID": "CVE-2019-17327", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "JEUS", "version": {"version_data": [{"version_value": "JEUS 7 Fix#0~5, JEUS 8Fix#0~1"}]}}]}, "vendor_name": "TmaxSoft"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "JEUS 7 Fix#0~5 and JEUS 8Fix#0~1 versions contains a directory traversal vulnerability caused by improper input parameter check when uploading installation file in administration web page. That leads remote attacker to execute arbitrary code via uploaded file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "references": {"reference_data": [{"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35197", "refsource": "MISC", "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35197"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:40:14.453Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35197"}]}]}, "cveMetadata": {"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "assignerShortName": "krcert", "cveId": "CVE-2019-17327", "datePublished": "2019-11-08T17:54:05", "dateReserved": "2019-10-07T00:00:00", "dateUpdated": "2024-08-05T01:40:14.453Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tmaxsoft:jeus:7:fix_0:*:*:*:*:*:*", "matchCriteriaId": "30A1BF9A-C29E-420A-AF80-E6AAB1F54D91", "vulnerable": true}, {"criteria": "cpe:2.3:a:tmaxsoft:jeus:7:fix_5:*:*:*:*:*:*", "matchCriteriaId": "3EAD3E3A-BD44-4A40-B338-E2A0B73A11EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:tmaxsoft:jeus:8:fix_0:*:*:*:*:*:*", "matchCriteriaId": "F1B87C92-273A-43E5-AF78-E2E5F92AA4ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:tmaxsoft:jeus:8:fix_1:*:*:*:*:*:*", "matchCriteriaId": "394242F2-D8AF-420C-AFEC-C350F083B2E9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "JEUS 7 Fix#0~5 and JEUS 8Fix#0~1 versions contains a directory traversal vulnerability caused by improper input parameter check when uploading installation file in administration web page. That leads remote attacker to execute arbitrary code via uploaded file."}, {"lang": "es", "value": "Las versiones JEUS 7 Fix#0~5 y JEUS 8 Fix#0~1, contienen una vulnerabilidad de salto de directorio causada por una comprobaci\u00f3n inapropiada de los par\u00e1metros de entrada cuando se actualiza el archivo de instalaci\u00f3n en la p\u00e1gina web de administraci\u00f3n. Esto conlleva al atacante remoto a ejecutar c\u00f3digo arbitrario por medio del archivo cargado."}], "id": "CVE-2019-17327", "lastModified": "2024-11-21T04:32:05.920", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-08T18:15:13.467", "references": [{"source": "vuln@krcert.or.kr", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35197"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35197"}], "sourceIdentifier": "vuln@krcert.or.kr", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}