CVE-2020-29441

{"id": "CVE-2020-29441", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 2.7, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2020-11-30T22:15:11.073", "references": [{"url": "https://success.outsystems.com/Support/Security/Vulnerabilities/Vulnerability_RPD-4310", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://success.outsystems.com/Support/Security/Vulnerabilities/Vulnerability_RPD-4310", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legitimate data if files are being processed asynchronously, or deny access to legitimate uploaded files."}, {"lang": "es", "value": "Se detect\u00f3 un problema en el Upload Widget en OutSystems Platform 10 versiones anteriores 10.0.1019.0. Un atacante no autenticado puede cargar archivos arbitrarios. En algunos casos, este ataque puede consumir el espacio disponible de la base de datos (denegaci\u00f3n de servicio), corromper datos leg\u00edtimos si los archivos son procesados de forma asincr\u00f3nica o negar el acceso a archivos leg\u00edtimos cargados"}], "lastModified": "2024-11-21T05:24:00.680", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:outsystems:outsystems:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D963887-7082-467B-AA2E-22C71C2CB06D", "versionEndExcluding": "10.0.1019.0", "versionStartIncluding": "10"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}